CVE-2022-36957
Published 2022-10-20
Priority: P3 (56), high, CVSS 3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.31% (95.7th percentile)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | orion_platform | < 2020.2.6 | 2020.2.6 |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | — | — |
| solarwinds | orion_platform | unspecified – 2020.2.6 HF5 and prior versions | — |
| solarwinds | solarwinds_platform | unspecified – 2022.3 and prior versions | — |
No detection rules found.
No public exploits indexed.
Trendmicro
Finding Deserialization Bugs in the SolarWinds Platform
blogs_trendmicro·2023-09-21·CVSS 7.2
## Finding Deserialization Bugs in the SolarWinds Platform
How to find deserialization bugs in the SolarWinds platform.
By: Zero Day Initiative, Sep 21, 2023
It’s been a while since I have written a blog post, please accept my sincerest apologies. This is because a lot of fun stuff that I’ve recently done is going to be presented during conferences.
Please treat this post as a small introduction to my upcoming Hexacon 2023 talk titled “Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization”. The entire talk and research was inspired by two small research projects, one of which focused on issues in SolarWinds deserialization.
In this blog post, I would like to present four old vulnerabilities that were fixed