CVE-2021-28674 : Exploit Details and Defense Strategies

SolarWinds Orion Platform before version 2020.2.5 HF1 is vulnerable to CVE-2021-28674, allowing an authenticated attacker with write permissions to create or delete a node outside their perimeter. The flaw lies in the predictable node IDs and incorrect access control on Services/NodeManagement.asmx/DeleteObjNow.

Understanding CVE-2021-28674

This section delves into the nature of the CVE-2021-28674 vulnerability.

What is CVE-2021-28674?

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 enables an attacker to manipulate nodes beyond their authorized scope by exploiting predictable node IDs and incorrect access controls.

The Impact of CVE-2021-28674

An attacker authenticated with write permissions can maliciously create or delete nodes, breaching the platform's security perimeter.

Technical Details of CVE-2021-28674

Explore the specifics of the CVE-2021-28674 vulnerability.

Vulnerability Description

The flaw arises from the predictable nature of node IDs and misconfigured access controls, leading to unauthorized node management actions.

Affected Systems and Versions

SolarWinds Orion Platform versions before 2020.2.5 HF1 are impacted by this vulnerability.

Exploitation Mechanism

To exploit this issue, an authenticated attacker with node management rights in a valid group on the platform can create or delete nodes.

Mitigation and Prevention

Discover the steps to mitigate and prevent CVE-2021-28674.

Immediate Steps to Take

Users should update to version 2020.2.5 HF1 or above to eliminate this vulnerability and review access permissions.

Long-Term Security Practices

Ensure strong authentication mechanisms, regularly monitor node activities, and review access controls to prevent similar exploits.

Patching and Updates

Regularly apply security patches and updates provided by SolarWinds to protect against known vulnerabilities.