CVE-2015-2284

Solarwinds Firewall Security Manager < 6.6.5 - Access Control

Title source: rule

Description

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/36679

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by rgod · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb

View Code ZIP pw:eip

References (1)

[Patch] http://www.zerodayinitiative.com/advisories/ZDI-15-107/

Scores

EPSS 0.7987

EPSS Percentile 99.1%

Details

CWE

CWE-264

Status published

Products (1)

solarwinds/firewall_security_manager < 6.6.5

Published Mar 24, 2015

Tracked Since Feb 18, 2026