CVE-2022-38108

HIGH

SolarWinds Platform - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-38108. PoCs published by Justin Hong, Lucas Miller, Piotr Bazydło, Spencer McIntyre, including Metasploit module exploits/windows/misc/solarwinds_amqp_deserialization.

AI-analyzed exploit summary This Metasploit module exploits a .NET deserialization vulnerability in SolarWinds Information Service (SWIS) via AMQP, allowing remote code execution as NT AUTHORITY\SYSTEM. It authenticates to the AMQP service and publishes a crafted message with a serialized payload.

Description

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Justin Hong, Lucas Miller, Piotr Bazydło, Spencer McIntyre · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/solarwinds_amqp_deserialization.rb

View Code ZIP pw:eip

This Metasploit module exploits a .NET deserialization vulnerability in SolarWinds Information Service (SWIS) via AMQP, allowing remote code execution as NT AUTHORITY\SYSTEM. It authenticates to the AMQP service and publishes a crafted message with a serialized payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds Information Service (SWIS)

Auth required

Prerequisites: Network access to AMQP service (port 5671) · Valid credentials for AMQP authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources

https://packetstorm.news/files/id/171567

Vendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38108

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-CAN-17531

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171567/SolarWinds-Information-Service-SWIS-Remote-Command-Execution.html

Scores

CVSS v3 7.2

EPSS 0.6955

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (4)

solarwinds/orion_platform 2020.2.6 (6 CPE variants)

solarwinds/orion_platform 2022.2

solarwinds/orion_platform 2022.3

solarwinds/orion_platform < 2020.2.6

Published Oct 20, 2022

Tracked Since Feb 18, 2026