NPM Netpath Horizontal Privilege Escalation Vulnerability (CVE-2021-35225)

Summary

Each authenticated Orion user in the MSP (Managed Service Provider) environment can view and browse all NetPath Services from all MSP's customers. This can lead to any user having a limited insight into other customers' infrastructure and potential data cross-contamination.

Affected Products

  • Network Performance Monitor 2020.2.6 HF1 and earlier

Fixed Software Release

Acknowledgments

  • Preston Deason
  • Chad Larsen
  • Zachary Riezenman
Advisory Details
Severity
Medium
Advisory ID

CVE-2021-35225

First Published
10/19/2021
Fixed Version

NPM 2020.2.6 HF2

Workarounds

Workaround 1

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/


S:C/C:L/I:N/A:N

Download PDF
Send an Email