Unrated severityNVD Advisory· Published Apr 22, 2021· Updated Aug 3, 2024

CVE-2021-27277

Description

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

SolarWinds/Orion Virtual Infrastructure Monitorllm-create2 versions
<=2020.2.4+ 1 more
- (no CPE)range: <=2020.2.4
- (no CPE)range: 2020.2

Patches

Vulnerability mechanics

References

documentation.solarwinds.com/en/Success_Center/SAM/Content/Release_Notes/SAM_2020-2-5_release_notes.htmmitrex_refsource_MISC
www.zerodayinitiative.com/advisories/ZDI-21-373/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000