CVE-2020-25621
HIGH
8,4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
LOW
2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0021
Percentile
0,4th
Updated
EPSS Score Trend (Last 90 Days)
306
Missing Authentication for Critical Function
DraftCommon Consequences
Security Scopes Affected:
Access Control
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Cloud Computing, ICS/OT
Application
N-Central by Solarwinds
CPE Identifier
View Detailed Analysis
cpe:2.3:a:solarwinds:n-central:12.3.0.670:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://ernw.de/en/publications.html
https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/
https://support.solarwinds.com/SuccessCenter/s/
https://ernw.de/en/publications.html
https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/
https://support.solarwinds.com/SuccessCenter/s/