SolarWinds Network Performance Monitor is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Information
Bugtraq ID: 101071
Class: Input Validation Error
CVE: CVE-2017-9537
Remote: Yes
Local: No
Published: Sep 29 2017 12:00AM
Updated: Sep 29 2017 12:00AM
Credit: Andy Tan
Vulnerable:
- SolarWinds Orion Platform 2017.3 Hotfix 1
- SolarWinds Network Performance Monitor 12.0.15300.90
- SolarWinds Network Performance Monitor 11.5
- SolarWinds Network Performance Monitor 10.7
Not Vulnerable:
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- [CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities (Seclists.org)
- SolarWinds Homepage (SolarWinds)
