CVE-2020-10148

CRITICAL KEV NUCLEI

SolarWinds Orion Platform 2019.4 HF 5, 2020.2, 2020.2 HF 1 - Unauthenticated API Authentication Bypass

Exploitation Summary

CVE-2020-10148 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 3 public exploits from researchers including B1anda0, rdoix, and horrister. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a Python script that scans for CVE-2020-10148, a remote code execution vulnerability in SolarWinds Orion API. The script checks for the presence of specific strings in the response to determine if the target is vulnerable.

Description

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands, which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Exploits (3)

nomisec SCANNER 10 stars
by B1anda0 · remote
https://github.com/B1anda0/CVE-2020-10148

This repository contains a Python script that scans for CVE-2020-10148, a remote code execution vulnerability in SolarWinds Orion API. The script checks for the presence of specific strings in the response to determine if the target is vulnerable.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SolarWinds Orion API versions before 2020.2.1 HF 2 and 2019.4 HF 6
No auth needed
Prerequisites: List of target URLs in a text file
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 5 stars
by rdoix · remote
https://github.com/rdoix/CVE-2020-10148-Solarwinds-Orion

This PoC exploits CVE-2020-10148, a local file disclosure vulnerability in SolarWinds Orion, by leveraging a path traversal issue in the .i18n.ashx handler to bypass authentication and retrieve sensitive files like web.config and SWNetPerfMon.db.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SolarWinds Orion (versions affected by CVE-2020-10148)
No auth needed
Prerequisites: Network access to the SolarWinds Orion web interface
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 1 star
by horrister · remote
https://github.com/horrister/solarwinds-sunburst-cve-2020-10148

This repository contains detection tools for CVE-2020-10148 (SolarWinds SUNBURST), including a DNS encoding demonstrator, DLL hash verifier, and IOC scanners. It does not include functional exploit code but provides utilities to identify compromised systems.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: SolarWinds Orion Platform (2019.4 HF5, 2020.2, 2020.2 HF1)
No auth needed
Prerequisites: Access to target system for scanning · SolarWinds Orion installation for DLL verification
devstral-2 · analyzed Jun 07, 2026

Nuclei Templates (1)

SolarWinds Orion API - Auth Bypass
CRITICAL · by dwisiswant0

References (4)

Core References
Vendor Advisory x_refsource_confirm
https://www.solarwinds.com/securityadvisory
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://kb.cert.org/vuls/id/843464
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/843464

Scores

CVSS v3 9.8
EPSS 0.9435
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-04-29
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-2611
CWE CWE-306, CWE-288
Status published
Products (3)
solarwinds/orion_platform 2019.4 hotfix5
solarwinds/orion_platform 2020.2
solarwinds/orion_platform 2020.2.1 hotfix1
Published Dec 29, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026