CVE-2017-7722

CRITICAL

SolarWinds LEM <6.3.1 Hotfix 4 - RCE

Title source: llm

Description

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/solarwinds_lem_exec.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/

[Mitigation, Patch, Vendor Advisory] https://thwack.solarwinds.com/thread/111223

Scores

CVSS v3 10.0

EPSS 0.4994

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-77

Status draft

Affected Products (1)

solarwinds/log_\&_event_manager

Timeline

Published Apr 12, 2017

Tracked Since Feb 18, 2026