In August 2020 we reported six vulnerabilities in SolarWinds N-Central 220.127.116.110 to the vendor.
The following CVE IDs were assigned to the issues :
- CVE-2020-25617: RCE in N-Central Administration Console (AdvancedScripts Endpoint)
- CVE-2020-25618: Local Privilege Escalation from nable User to root (N-Central Backend Server)
- CVE-2020-25619: Access to Internal Services through SSH Port Forwarding (N-Central Backend Server)
- CVE-2020-25620: SolarWinds Support Account with Default Credentials
- CVE-2020-25621: Local Database does not require Authentication (N-Central Backend Server)
- CVE-2020-25622: CSRF in N-Central Administration Console (AdvancedScripts Endpoint)
The vulnerabilities have been found in the course of an extensive research project, in which we analyze the security of multiple Unified Endpoint Management (UEM) solutions. Similar vulnerabilities have been found in other solutions as we pointed out in previous posts about the Ivanti DSM Suite and Nagios XI. The final outcome of the research project will be published as a whitepaper and possibly conference talk as soon as the project including all disclosure processes concludes.
We will provide a short description of the CVEs outlining the impact of the vulnerabilities. Technical details will be published in a whitepaper as mentioned above. All six vulnerabilities have been verified for SolarWinds N-Central 18.104.22.1680.Continue reading