📦

network_configuration_manager

Vendor: solarwinds

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 4 Remote Access
Total CVEs 10 Total Indexed
Avg. EPSS 2.42% Exploit Prob.
Latest CVE CVE-2023-40055 Nov 09

Security Vulnerability Index

Page 1 / 1
8.0 CVSS
CVE-2023-40055
RCE

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227

EPSS: 3.55%
8.0 CVSS
CVE-2023-40054
RCE

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226

EPSS: 1.39%
4.5 CVSS
CVE-2023-33228

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

EPSS: 0.04%
8.0 CVSS
CVE-2023-33227
RCE

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.

EPSS: 3.55%
8.0 CVSS
CVE-2023-33226
RCE

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

EPSS: 3.55%
6.5 CVSS
CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

EPSS: 0.31%
6.8 CVSS
CVE-2014-3459

Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.

EPSS: 4.55%