CVE-2021-35220 : What You Need to Know
Learn about CVE-2021-35220, a Command Injection vulnerability in the EmailWebPage API of SolarWinds' Orion Platform, allowing Remote Code Execution. Find mitigation steps and solutions.
This article provides insights into the EmailWebPage Command Injection RCE vulnerability (CVE-2021-35220) found in SolarWinds' Orion Platform. It covers the impact, technical details, mitigation steps, and recommended solutions.
Understanding CVE-2021-35220
CVE-2021-35220 is a Command Injection vulnerability in the EmailWebPage API of SolarWinds' Orion Platform, potentially leading to Remote Code Execution (RCE) from the Alerts Settings page.
What is CVE-2021-35220?
The vulnerability allows attackers to execute arbitrary commands through the EmailWebPage API, enabling unauthorized remote code execution.
The Impact of CVE-2021-35220
With a CVSS base score of 8.1 (High), this vulnerability has a significant impact on confidentiality, integrity, and privilege requirements. Attackers with high privileges can exploit it to execute malicious commands remotely.
Technical Details of CVE-2021-35220
The vulnerability affects the Windows platform and the Orion Platform versions 2020.2.6 and previous, including 2020.2.6 HF1. The attack complexity is low, and the attack vector is through adjacent network access.
Vulnerability Description
The vulnerability stems from inadequate input validation in the EmailWebPage API, allowing threat actors to inject malicious commands.
Affected Systems and Versions
SolarWinds' Orion Platform versions up to and including 2020.2.6 HF1 on Windows are affected by this vulnerability.
Exploitation Mechanism
Attackers exploit the vulnerability by injecting malicious commands through the EmailWebPage API, enabling them to achieve remote code execution.
Mitigation and Prevention
To safeguard against CVE-2021-35220, immediate actions and long-term security practices are recommended.
Immediate Steps to Take
It is crucial to install the 2020.2.6 Hotfix 1 for the Orion Platform promptly. Additionally, consider the recommendations outlined in the Orion Secure Configuration Guide.
Long-Term Security Practices
Ensure timely software updates, implement secure configuration settings, and conduct regular security audits to identify and address potential vulnerabilities.
Patching and Updates
Stay informed about security advisories from SolarWinds and promptly apply patches and updates to mitigate the risks associated with CVE-2021-35220.