Vulnerability Details : CVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
Vulnerability category: BypassGain privilege
CVE-2020-10148 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:SolarWinds Orion Authentication Bypass Vulnerability
CISA required action:Apply updates per vendor instructions.
CISA description:SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
Added on 2021-11-03 Action due date 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-10148
Probability of exploitation activity in the next 30 days: 97.32%
CVSS scores for CVE-2020-10148
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2020-10148
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: [email protected] (Primary)
A product requires authentication, but the product has an alternate path or channel that does not require authentication.Assigned by: [email protected] (Secondary)
References for CVE-2020-10148
Products affected by CVE-2020-10148