CVE-2021-35215

HIGH

Orion Platform <2020.2.5 - RCE

Title source: llm

Description

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Exploits (1)

nomisec WORKING POC 47 stars

by Y4er · poc

https://github.com/Y4er/CVE-2021-35215

View Code ZIP pw:eip

References (4)

[Broken Link] https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm

[Product, Vendor Advisory] https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

[Patch, Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-21-1245/

Scores

CVSS v3 8.9

EPSS 0.8276

EPSS Percentile 99.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Classification

CWE

CWE-502

Status published

Affected Products (1)

solarwinds/orion_platform < 2020.2.5

Timeline

Published Sep 01, 2021

Tracked Since Feb 18, 2026