Discover how CVE-2022-47508 affects SolarWinds Server & Application Monitor (SAM), the high confidentiality impact, and mitigation steps. Upgrade to version 2023.1 now!
Customers who had configured their polling to occur via Kerberos did not expect NTLM traffic on their environment, but since we were querying for data via IP address, this prevented us from utilizing Kerberos.
Understanding CVE-2022-47508
SolarWinds Server & Application Monitor (SAM) versions 2022.4.1 and prior are affected by improper authentication leading to high confidentiality impact.
What is CVE-2022-47508?
CVE-2022-47508 is an improper authentication issue in SolarWinds SAM: polling that customers had configured for Kerberos produced unexpected NTLM traffic, which allows attackers to bypass the expected Kerberos configuration.
The Impact of CVE-2022-47508
The vulnerability poses a high risk with a CVSS base score of 7.5, impacting confidentiality but not integrity or availability.
Technical Details of CVE-2022-47508
The CVSS v3.1 vector indicates a network-based attack with low complexity and no special privileges required.
Vulnerability Description
Improper authentication in SolarWinds SAM leads to unauthorized use of NTLM traffic instead of the expected Kerberos: because SAM queried for data via IP address, it could not use Kerberos.
Affected Systems and Versions
SolarWinds SAM versions 2022.4.1 and earlier are susceptible to this vulnerability.
Exploitation Mechanism
Attackers can exploit this issue by leveraging the NTLM traffic to bypass expected Kerberos configurations.
Mitigation and Prevention
It is crucial for all SolarWinds Platform customers to upgrade to the latest version (2023.1) to address CVE-2022-47508.
Immediate Steps to Take
Upgrade to SolarWinds Platform version 2023.1 to mitigate the risk of unauthorized NTLM traffic.
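A check for NTLM logons that originate from the polling engine, written for this page as an added example (it is not SolarWinds code). It reads Windows Security event 4624 XML from monitored hosts and also flags polling targets given as IP addresses, the condition the advisory says prevented Kerberos. Host names, the account and all addresses are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EV = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'

def event(computer, user, package, src):
    """Build one constructed 4624 event, trimmed to the fields read below."""
    return (f"{EV}<System><EventID>4624</EventID><Computer>{computer}</Computer></System>"
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="AuthenticationPackageName">{package}</Data>'
            f'<Data Name="IpAddress">{src}</Data></EventData></Event>')

# Constructed sample data: hosts, account and addresses are placeholders.
SAMPLE = "<Events>" + "".join([
    event("app01.corp.example", "svc-sam", "NTLM", "10.0.0.5"),      # poller, NTLM
    event("app02.corp.example", "svc-sam", "Kerberos", "10.0.0.5"),  # poller, Kerberos
    event("app01.corp.example", "alice", "NTLM", "10.0.0.77"),       # other host
    event("app01.corp.example", "SYSTEM", "Negotiate", "-"),         # local logon
]) + "</Events>"

def is_ip_literal(target):
    """True when a polling target is an IP address rather than a host name."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def ntlm_logons_from(events_xml, poller_ips):
    """Return (computer, user) for each NTLM logon whose source is a poller IP."""
    pollers = {ipaddress.ip_address(ip) for ip in poller_ips}
    hits = []
    for ev in ET.fromstring(events_xml).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        try:
            src = ipaddress.ip_address(data.get("IpAddress", ""))
        except ValueError:
            continue  # "-" or empty means no network source address
        if src in pollers and data.get("AuthenticationPackageName") == "NTLM":
            hits.append((ev.findtext("e:System/e:Computer", namespaces=NS), data["TargetUserName"]))
    return hits

if __name__ == "__main__":
    print([t for t in ["10.0.0.21", "app01.corp.example"] if is_ip_literal(t)])
    print(ntlm_logons_from(SAMPLE, ["10.0.0.5"]))
```

Any remaining hit for the polling engine's address after the upgrade to 2023.1 points to a node that is still being authenticated with NTLM and is worth reviewing.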
Long-Term Security Practices
Regularly monitor for security advisories and apply patches promptly to protect against known vulnerabilities.
Patching and Updates
Stay informed about security updates from SolarWinds and ensure timely implementation to safeguard against potential threats.