Unrated severityNVD Advisory· Published Feb 18, 2019· Updated Aug 4, 2024
CVE-2019-8917
CVE-2019-8917
Description
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <12.4
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/107061mitrevdb-entryx_refsource_BID
- github.com/VerSprite/research/blob/master/advisories/VS-2019-001.mdmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.