CVE-2022-36958: 
SolarWinds Platform vulnerability analysis and mitigation

SolarWinds Platform was identified with a Deserialization of Untrusted Data vulnerability (CVE-2022-36958), discovered in June 2022 and publicly disclosed on October 19, 2022. The vulnerability affects SolarWinds Platform 2022.3 and earlier versions, as well as Orion Platform 2020.2.6 HF5 and earlier. This security flaw allows remote attackers with valid access to the SolarWinds Web Console to execute arbitrary commands (ZDI Advisory, SolarWinds Advisory).

The vulnerability exists within the DeserializeFromStrippedXml function of the SolarWinds Network Performance Monitor. The specific issue stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The vulnerability has been assigned a CVSS score of 8.8 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Authentication is required to exploit this vulnerability (ZDI Advisory).

An attacker who successfully exploits this vulnerability can execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected system. The high CVSS score reflects the severe potential impact on confidentiality, integrity, and availability of the affected systems (ZDI Advisory).

SolarWinds has released version 2022.4 RC1 to address this vulnerability. The company recommends customers upgrade to this version as soon as it becomes available. Additionally, SolarWinds advises following the guidance provided in the SolarWinds Secure Configuration Guide and ensuring that only authorized users can access the SolarWinds Platform (SolarWinds Advisory).