CVE-2020-7984 - OpenCVE

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	N-central

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:n-central::::::::
	cpe:2.3:a:solarwinds:n-central::::::::

No data.

References

Link	Providers
https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5
https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5
https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2
https://github.com/flipflopfpv
https://packetstormsecurity.com/files/156033
https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central
https://twitter.com/SecurityNewsbot/status/1219722631898812416
https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-26T20:04:06

Updated: 2024-08-04T09:48:24.994Z

Reserved: 2020-01-26T00:00:00

Link: CVE-2020-7984

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-26T21:15:10.387

Modified: 2020-02-05T15:08:37.643

Link: CVE-2020-7984

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-26T20:04:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5"}, {"tags": ["x_refsource_MISC"], "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs"}, {"tags": ["x_refsource_MISC"], "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central"}, {"tags": ["x_refsource_MISC"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2"}, {"tags": ["x_refsource_MISC"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/flipflopfpv"}, {"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/156033"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7984", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5", "refsource": "MISC", "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5"}, {"name": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs", "refsource": "MISC", "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs"}, {"name": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central", "refsource": "MISC", "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central"}, {"name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2", "refsource": "MISC", "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2"}, {"name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5", "refsource": "MISC", "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5"}, {"name": "https://github.com/flipflopfpv", "refsource": "MISC", "url": "https://github.com/flipflopfpv"}, {"name": "https://packetstormsecurity.com/files/156033", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/156033"}, {"name": "https://twitter.com/SecurityNewsbot/status/1219722631898812416", "refsource": "MISC", "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:24.994Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flipflopfpv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packetstormsecurity.com/files/156033"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7984", "datePublished": "2020-01-26T20:04:06", "dateReserved": "2020-01-26T00:00:00", "dateUpdated": "2024-08-04T09:48:24.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:n-central:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D6491E4-72F5-4F8D-AEAA-6DA7590F6FAB", "versionEndExcluding": "12.1.1.404", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:n-central:*:*:*:*:*:*:*:*", "matchCriteriaId": "5357BA14-B1C9-4E9F-9412-8961014B38A1", "versionEndExcluding": "12.2.1.280", "versionStartIncluding": "12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration."}, {"lang": "es", "value": "SolarWinds N-central versiones anteriores a 12.1 SP1 HF5 y versiones 12.2 anteriores a SP1 HF2, permite a atacantes remotos recuperar credenciales de administrador de dominio de texto sin cifrar de la configuraci\u00f3n de Agent & Probe, y obtener otra informaci\u00f3n confidencial. El atacante puede utilizar un ID de cliente para registrarse a si mismo y leer cualquier aspecto de la configuraci\u00f3n de agent/appliance."}], "id": "CVE-2020-7984", "lastModified": "2020-02-05T15:08:37.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-26T21:15:10.387", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/flipflopfpv"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/156033"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}