SolarWinds Network Performance Monitor CVE-2017-9538 Denial of Service Vulnerability

SolarWinds Network Performance Monitor is prone to a denial-of-service vulnerability.

Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.

Information

Bugtraq ID: 101066
Class: Design Error
CVE: CVE-2017-9538

Remote: Yes
Local: No
Published: Sep 29 2017 12:00AM
Updated: Sep 29 2017 12:00AM
Credit: Andy Tan
Vulnerable: SolarWinds Orion Platform 2017.3 Hotfix 1
SolarWinds Network Performance Monitor 12.0.15300.90
SolarWinds Network Performance Monitor 11.5
SolarWinds Network Performance Monitor 10.7
SolarWinds Network Performance Monitor 10.6.1

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

[CVE-2017-9538] Persistent Application Denial of Service (Seclists.org)
SolarWinds Homepage (SolarWinds)

Source: www.securityfocus.com

Exploit Collector

Search Exploit