CVE-2021-35218 : Security Advisory and Response
Learn about CVE-2021-35218, a remote code execution vulnerability affecting SolarWinds Patch Manager on Windows systems. Understand the impact, technical details, and mitigation strategies.
A remote code execution vulnerability, CVE-2021-35218, affects SolarWinds Patch Manager on Windows systems. The flaw allows an unauthorized attacker to exploit deserialization of untrusted data in the Web Console Chart Endpoint, potentially compromising the server.
Understanding CVE-2021-35218
This section provides insights into the vulnerability, its impact, technical details, and mitigation strategies.
What is CVE-2021-35218?
CVE-2021-35218 is a deserialization vulnerability in the Orion Patch Manager Web Console, enabling remote code execution for malicious actors with network access. The issue affects SolarWinds Patch Manager on Windows platforms.
The Impact of CVE-2021-35218
The vulnerability poses a high severity risk with a CVSS base score of 8.9, leading to compromised confidentiality, integrity, and high privileges for attackers. Attackers can exploit the vulnerability to execute remote code through the Chart Endpoint.
Technical Details of CVE-2021-35218
This section delves into the specific technical aspects of the vulnerability, including its description, affected systems, and exploitation mechanisms.
Vulnerability Description
The vulnerability arises due to improper deserialization of untrusted data in the Web Console Chart Endpoint, resulting in the potential for remote code execution by unauthorized attackers.
Affected Systems and Versions
SolarWinds Patch Manager versions prior to 2020.2.6, specifically version 2020.5 and earlier, running on Windows platforms are vulnerable to this exploit.
Exploitation Mechanism
Attackers with network access to the Orion Patch Manager Web Console can exploit the deserialization vulnerability within the Chart Endpoint to remotely execute malicious code.
Mitigation and Prevention
To safeguard systems from CVE-2021-35218, immediate steps and long-term security practices are crucial.
Immediate Steps to Take
Users should apply the provided solution, updating to the fixed version - Patch Manager module for Orion Platform version 2020.2.6. Additionally, restrict network access to prevent unauthorized exploitation.
Long-Term Security Practices
Regularly update software and apply security patches promptly to mitigate known vulnerabilities. Employ network segmentation and access controls to limit attack surfaces.
Patching and Updates
Stay informed about security advisories from SolarWinds and implement timely patches to secure systems against evolving threats.