Vulnerability Report

CVE-2021-35215

RCE

Title: Insecure deserialization RCE in Orion Platform

RCE

Proof Of Concept

PoC Available for CVE-2021-35215

CWE Category CWE-502

Published Date Sep 01, 2021

Modified Date Nov 21, 2024

Exploit Status Available

Score 8.9 CVSS v3.1

Exploit Probability (EPSS)

82.76%

Vulnerability Summary

CVE-2021-35215: Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Impacted Vendors

solarwinds 1

Reference Links

https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215 https://www.zerodayinitiative.com/advisories/ZDI-21-1245/ https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215 https://www.zerodayinitiative.com/advisories/ZDI-21-1245/

CVSS v3.1

Source Entity [email protected]

Severity HIGH

8.9

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CVSS v3.1

Source Entity [email protected]

Severity HIGH

8.8

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:S/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2021-35215 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/Y4er/CVE-2021-35215

View Code

November 21, 2024 MODIFIED

Vulnerability data or affected products updated.

September 01, 2021 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector ADJACENT_NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Affected Stack

No specific products linked.