CVE-2021-35225 - OpenCVE

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Network Performance Monitor

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:network_performance_monitor::::::::
	cpe:2.3:a:solarwinds:network_performance_monitor:2020.2.6:hotfix1::::::

No data.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225

History

No history.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-10-21T17:39:59.717660Z

Updated: 2024-09-17T00:11:06.373Z

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35225

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-21T18:15:09.880

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-35225

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "NPM", "vendor": "SolarWinds", "versions": [{"lessThan": "2020.2.6 Hotfix 2", "status": "affected", "version": "2020.2.6 Hotfix 1 and previous versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank Preston Deason, Chad Larson, and Zachary Riezenman for reporting on the issue in a responsible manner"}], "datePublic": "2021-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-21T17:39:59", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US"}, {"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends upgrading to the latest version of Network Performance Monitor 2020.2.6 Hotfix 2 as soon as it becomes available. All customers should review and implement all of the recommendations from the Orion Secure Configuration Guide"}], "source": {"discovery": "UNKNOWN"}, "title": "Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5", "workarounds": [{"lang": "en", "value": "In the mentioned workaround, Customers can restrict the viewing of access rights for non-admin users via Orion UI. \\nhttps://support.solarwinds.com/SuccessCenter/s/article/Orion-NPM-NetPath-account-limitations?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-10-21T09:06:00.000Z", "ID": "CVE-2021-35225", "STATE": "PUBLIC", "TITLE": "Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NPM", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "2020.2.6 Hotfix 1 and previous versions", "version_value": "2020.2.6 Hotfix 2"}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank Preston Deason, Chad Larson, and Zachary Riezenman for reporting on the issue in a responsible manner"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5"}]}]}, "references": {"reference_data": [{"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"name": "https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US", "refsource": "MISC", "url": "https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US"}, {"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225"}]}, "solution": [{"lang": "en", "value": "SolarWinds recommends upgrading to the latest version of Network Performance Monitor 2020.2.6 Hotfix 2 as soon as it becomes available. All customers should review and implement all of the recommendations from the Orion Secure Configuration Guide"}], "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "In the mentioned workaround, Customers can restrict the viewing of access rights for non-admin users via Orion UI. \\nhttps://support.solarwinds.com/SuccessCenter/s/article/Orion-NPM-NetPath-account-limitations?language=en_US"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.241Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225"}]}]}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35225", "datePublished": "2021-10-21T17:39:59.717660Z", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2024-09-17T00:11:06.373Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:network_performance_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FF19596-5A41-4DBB-AF84-20E4522AF5B0", "versionEndIncluding": "2020.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:network_performance_monitor:2020.2.6:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "A65AA976-64C5-43B4-A420-5932E58D9306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination."}, {"lang": "es", "value": "Cada usuario autenticado de Orion Platform en un entorno MSP (Managed Service Provider) puede visualizar y navegar todos los servicios NetPath de todos los clientes de ese MSP. Esto puede conllevar a que cualquier usuario tenga una visi\u00f3n limitada de la infraestructura de otros clientes y una posible contaminaci\u00f3n cruzada de datos"}], "id": "CVE-2021-35225", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-10-21T18:15:09.880", "references": [{"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35225"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}