CVE-2021-35248 - OpenCVE

It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Solarwinds	Orion Platform

Configuration 1 [-]

AND

OR	cpe:2.3:a:solarwinds:orion_platform::::::::
	cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-::::::
	cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1::::::
	cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm	Vendor Advisory
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3	Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-12-20T00:00:00

Updated: 2023-08-03T20:32:27.141Z

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35248

JSON object: View

NVD Information

Status : Modified

Published: 2021-12-20T21:15:08.157

Modified: 2023-08-03T21:15:11.923

Link: CVE-2021-35248

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Orion ", "vendor": "SolarWinds", "versions": [{"lessThan": " 2020.2.6 HF 3 ", "status": "affected", "version": "2020.2.6 HF 2 and previous versions ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "N/A"}], "datePublic": "2021-12-19T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.</p>"}], "value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:32:27.141Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248"}, {"tags": ["x_refsource_MISC"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This vulnerability has been fixed in Orion version 2020.2.6 HF3, customers are advised to upgrade to the latest version once it it is available.</p>"}], "value": "This vulnerability has been fixed in Orion version 2020.2.6 HF3, customers are advised to upgrade to the latest version once it it is available.\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:</p><p>https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-access-to-Orion-UserSettings-SWIS-entity-for-low-privilege-users-CVE-2021-35248</p>"}], "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:\n\nhttps://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-access-to-Orion-UserSettings-SWIS-entity-for-low-privilege-users-CVE-2021-35248\n\n"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-12-20T11:16:00.000Z", "ID": "CVE-2021-35248", "STATE": "PUBLIC", "TITLE": "Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Orion ", "version": {"version_data": [{"platform": "Windows ", "version_affected": "<", "version_name": "2020.2.6 HF 2 and previous versions ", "version_value": " 2020.2.6 HF 3 "}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "N/A"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248"}, {"name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3", "refsource": "MISC", "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"}, {"name": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"}]}, "solution": [{"lang": "en", "value": "This vulnerability has been fixed in Orion version 2020.2.6 HF3, customers are advised to upgrade to the latest version once it it is available."}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below:https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-Unrestricted-access-to-Orion-UserSettings-SWIS-entity-for-low-privilege-users-CVE-2021-35248"}]}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35248", "datePublished": "2021-12-20T00:00:00", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2023-08-03T20:32:27.141Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "01CD6BD2-A53E-4AB1-A08C-00540EC437E8", "versionEndExcluding": "2020.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:*", "matchCriteriaId": "AD239861-0422-45EE-9A3B-EED4F87F38F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "D577F745-35B0-44D8-A457-FD00C4FD4F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "884E1621-E848-4769-BEF6-95A87F52A538", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.\n\n"}, {"lang": "es", "value": "Se ha informado de que cualquier usuario de Orion, por ejemplo, las cuentas de invitados pueden consultar la entidad Orion.UserSettings y enumerar los usuarios y su configuraci\u00f3n b\u00e1sica"}], "id": "CVE-2021-35248", "lastModified": "2023-08-03T21:15:11.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-12-20T21:15:08.157", "references": [{"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}