Orion Platform SQL Injection Privilege Escalation Vulnerability
Description
A component of Orion Platform was vulnerable to SQL Injection. An authenticated attacker could leverage this for privilege escalation or remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SolarWinds Orion Platform contains a SQL injection vulnerability allowing authenticated attackers to escalate privileges or achieve remote code execution.
Vulnerability
SolarWinds Orion Platform is susceptible to a SQL Injection vulnerability (CVE-2022-36961). The flaw resides in a vulnerable component of the platform, requiring an authenticated user to exploit it. Affected versions include builds prior to the fix released on September 30, 2022 [1].
Exploitation
An attacker must first authenticate to the Orion Platform instance. Once authenticated, the attacker can craft requests that inject malicious SQL queries into the vulnerable component. The specifics of the injection point or required user role are not detailed in the available references, but the attack does not require any special network position beyond authenticated access to the web interface or API [1].
Impact
Successful exploitation could allow an authenticated attacker to perform privilege escalation, gaining higher permissions within the platform, or directly achieve remote code execution (RCE). This effectively compromises confidentiality, integrity, and availability of the affected system [1].
Mitigation
SolarWinds released a hotfix for Orion Platform on September 30, 2022, to address this vulnerability. Users should apply the latest update immediately. No workarounds have been published. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: 2022.2.3 and previous versions
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.