CVE-2015-2284

SolarWinds Firewall Security Manager < 6.6.5 - Remote Code Execution via Client Session Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-2284. PoCs published by Metasploit, rgod, including Metasploit module exploits/windows/http/solarwinds_fsm_userlogin.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in SolarWinds Firewall Security Manager 6.6.5, leading to remote code execution as SYSTEM. It abuses session manipulation and file upload functionality to deploy a malicious JSP payload.

Description

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/36679

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in SolarWinds Firewall Security Manager 6.6.5, leading to remote code execution as SYSTEM. It abuses session manipulation and file upload functionality to deploy a malicious JSP payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds Firewall Security Manager 6.6.5

No auth needed

Prerequisites: Network access to the target's Change Advisor interface (port 48080 or 8080) · Target must be running SolarWinds FSM 6.6.5

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by rgod · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/solarwinds_fsm_userlogin.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass and file upload vulnerability in SolarWinds Firewall Security Manager 6.6.5 to achieve remote code execution. It leverages session manipulation and malicious JSP upload to execute arbitrary payloads.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds Firewall Security Manager 6.6.5

No auth needed

Prerequisites: Target must be running SolarWinds FSM 6.6.5 with Change Advisor interface accessible · Network access to port 48080 or 8080

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-15-107/

Scores

EPSS 0.7421

EPSS Percentile 99.4%

Details

CWE

CWE-264

Status published

Products (1)

solarwinds/firewall_security_manager < 6.6.5

Published Mar 24, 2015

Tracked Since Feb 18, 2026