Vulnerability Details : CVE-2014-9566
Public exploit exists!
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
Vulnerability category: Sql Injection
Products affected by CVE-2014-9566
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_netflow_traffic_analyzer:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_configuration_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_ip_address_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_user_device_tracker:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_voip_\&_network_quality_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_server_and_application_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_web_performance_monitor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9566
78.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-9566
-
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
Disclosure Date: 2015-02-24First seen: 2020-04-26auxiliary/gather/solarwinds_orion_sqliThis module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database. Authors: - Brandon Perry
CVSS scores for CVE-2014-9566
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-9566
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9566
-
http://www.exploit-db.com/exploits/36262
SolarWinds Orion Service - SQL Injection - Windows webapps ExploitExploit
-
http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html
Volatile Minds: Authenticated Stacked SQL injection in core Solarwinds Orion service (CVE-2014-9566)Exploit
-
http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html
Solarwinds Orion Service SQL Injection ≈ Packet StormExploit
-
https://github.com/rapid7/metasploit-framework/pull/4836
Solarwinds Core Orion Service SQL injection (CVE-2014-9566) by brandonprry · Pull Request #4836 · rapid7/metasploit-framework · GitHub
-
http://seclists.org/fulldisclosure/2015/Mar/18
Full Disclosure: Multiple SQL injections in core Orion service affecting many Solarwinds products (CVE-2014-9566)Exploit
-
http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm
404 - File or directory not found.Vendor Advisory
-
http://osvdb.org/show/osvdb/118746
Jump to