SolarWinds Information Service (SWIS) Remote Command Execution
Posted by deepcore on March 29, 2023 – 12:15 pm
The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITYSYSTEM.
Post a reply
You must be logged in to post a comment.