CVE-2012-2602

SolarWinds Orion NPM <10.3.1 - CSRF


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2602. PoCs published by muts.

AI-analyzed exploit summary: This JavaScript exploit demonstrates a persistent XSS vulnerability in SolarWinds Orion NPM 10.2.2, allowing an attacker to inject malicious scripts via SNMP fields (syslocation, syscontact, sysName) and perform CSRF attacks to create admin accounts.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

Exploits (1)

exploitdb WORKING POC VERIFIED
by muts · javascript · webapps · windows
https://www.exploit-db.com/exploits/20011


Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: SolarWinds Orion Network Performance Monitor 10.2.2
No auth needed
Prerequisites: Access to modify SNMP fields on a scanned system · Victim must access the SolarWinds Orion interface
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/174119
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50004
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54624
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20011
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/84116

Scores

EPSS 0.0598
EPSS Percentile 92.4%

Details

CWE CWE-352
Status published
Products (2)
solarwinds/orion_network_performance_monitor 10.1.13.0
solarwinds/orion_network_performance_monitor < 10.2.2
Published Aug 12, 2012
Tracked Since Feb 18, 2026