SolarWinds Orion Job Scheduler Remote Code Execution Vulnerability (CVE-2021-31475)

Summary

The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server.

Affected Products

  • Orion Platform 2020.2.1 HF2 and earlier

Fixed Software Release

Acknowledgments

  • Harrison Neal
  • ZDI Trend Micro
Advisory Details
Severity
High
Advisory ID

CVE-2021-31475

First Published
03/25/2021
Fixed Version

Orion Platform 2020.2.5

CVSS Score
Download PDF
Send an Email