CVE-2021-28674
MEDIUMSolarWinds Orion Platform < 2020.2.5 - Authenticated Node Creation and Deletion via Predictable Node IDs
Title source: llmDescription
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://pastebin.com/zFUd2cCj
Patch, Vendor Advisory x_refsource_confirm
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-28674
Scores
CVSS v3
5.4
EPSS
0.0091
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-330
CWE-863
Status
published
Products (1)
solarwinds/orion_platform
< 2020.2.5
Published
Jul 30, 2021
Tracked Since
Feb 18, 2026