{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33224", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2023-05-18T17:07:54.138Z", "datePublished": "2023-07-26T13:53:31.357Z", "dateUpdated": "2024-10-23T15:37:37.577Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SolarWinds Platform", "vendor": "SolarWinds", "versions": [{"lessThan": "2023.3", "status": "affected", "version": "0", "versionType": "2023.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."}], "datePublic": "2023-07-25T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."}], "value": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-696", "description": "CWE-696: Incorrect Behavior Order", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:23:59.784Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3<br>"}], "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\n"}], "source": {"discovery": "EXTERNAL"}, "title": "SolarWinds Platform Incorrect Behavior Order Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.845Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224", "tags": ["x_transferred"]}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T15:37:29.248902Z", "id": "CVE-2023-33224", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T15:37:37.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224", "tags": ["x_transferred"]}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.845Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T15:37:29.248902Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T15:37:33.561Z"}}], "cna": {"title": "SolarWinds Platform Incorrect Behavior Order Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "SolarWinds Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "2023.3", "versionType": "2023.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\n", "supportingMedia": [{"type": "text/html", "value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3<br>", "base64": false}]}], "datePublic": "2023-07-25T00:00:00.000Z", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224"}, {"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.", "supportingMedia": [{"type": "text/html", "value": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-696", "description": "CWE-696: Incorrect Behavior Order"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:23:59.784Z"}}}, "cveMetadata": {"cveId": "CVE-2023-33224", "state": "PUBLISHED", "dateUpdated": "2024-10-23T15:37:37.577Z", "dateReserved": "2023-05-18T17:07:54.138Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2023-07-26T13:53:31.357Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "9722CBBC-46EC-4167-8E98-AEBB8ACF74D8", "versionEndExcluding": "2023.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."}], "id": "CVE-2023-33224", "lastModified": "2024-11-21T08:05:10.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-26T14:15:10.340", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-696"}], "source": "psirt@solarwinds.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}