CVE-2021-35215

HIGH

SolarWinds Orion Platform < 2020.2.5 - Authenticated Remote Code Execution via Insecure Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35215. PoCs published by Y4er.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2021-35215, a deserialization vulnerability in the SolarWinds Orion Platform. The exploit leverages a crafted HTTP POST request to /Orion/RenderControl.aspx with a malicious SessionSecurityToken payload, generated using ysoserial.net, to achieve remote code execution.

Description

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Exploits (1)

nomisec WORKING POC 47 stars

by Y4er · poc

https://github.com/Y4er/CVE-2021-35215

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2021-35215, a deserialization vulnerability in the SolarWinds Orion Platform. The exploit leverages a crafted HTTP POST request to /Orion/RenderControl.aspx with a malicious SessionSecurityToken payload, generated using ysoserial.net, to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds Orion Platform

Auth required

Prerequisites: Valid session cookies (authentication required) · Access to ysoserial.net for payload generation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Product, Vendor Advisory x_refsource_misc

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

Patch, Vendor Advisory x_refsource_misc

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215

Broken Link x_refsource_misc

https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm

Third Party Advisory, VDB Entry x_refsource_misc

https://www.zerodayinitiative.com/advisories/ZDI-21-1245/

Scores

CVSS v3 8.9

EPSS 0.6924

EPSS Percentile 99.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Details

CWE

CWE-502

Status published

Products (1)

solarwinds/orion_platform < 2020.2.5

Published Sep 01, 2021

Tracked Since Feb 18, 2026