Vulnerability Details : CVE-2012-2602
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2012-2602
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1.13.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2602
- EPSS score: 0.61% (probability of exploitation activity in the next 30 days)
- Percentile: ~79% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-2602
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-2602
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2602
- http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm
- http://www.securityfocus.com/bid/54624
  SolarWinds Orion Network Performance Monitor (NPM) Multiple Security Vulnerabilities (Exploit)
- http://www.exploit-db.com/exploits/20011
  SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities - Windows webapps Exploit (Exploit)
- http://www.kb.cert.org/vuls/id/174119
  VU#174119 - Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities (US Government Resource)