CVE-2020-12608

HIGH

SolarWinds MSP PME <1.1.15 - Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12608. PoCs published by Jens Regel.

AI-analyzed exploit summary This PoC exploits insecure file permissions in SolarWinds MSP Cache Service to modify CacheService.xml, redirecting the update server URL to an attacker-controlled server. The attacker then serves a malicious executable (e.g., reverse shell) which is downloaded and executed with SYSTEM privileges.

Description

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

Exploits (1)

exploitdb WORKING POC

by Jens Regel · textlocalwindows

https://www.exploit-db.com/exploits/48448

View Code ZIP pw:eip

This PoC exploits insecure file permissions in SolarWinds MSP Cache Service to modify CacheService.xml, redirecting the update server URL to an attacker-controlled server. The attacker then serves a malicious executable (e.g., reverse shell) which is downloaded and executed with SYSTEM privileges.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds MSP PME (Patch Management Engine) before 1.1.15

No auth needed

Prerequisites: Local access to the system · Ability to modify CacheService.xml · Control over a web server to host malicious files

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application T1548.002 - Bypass User Account Control T1573.001 - Symmetric Cryptography

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608

View Exploit ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157591/SolarWinds-MSP-PME-Cache-Service-Insecure-File-Permissions-Code-Execution.html

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/May/23

Scores

CVSS v3 7.8

EPSS 0.2240

EPSS Percentile 97.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

solarwinds/managed_service_provider_patch_management_engine < 1.1.15

Published May 07, 2020

Tracked Since Feb 18, 2026