CVE-2022-36964: 
SolarWinds Platform vulnerability analysis and mitigation

SolarWinds Platform was susceptible to a Deserialization of Untrusted Data vulnerability (CVE-2022-36964), discovered and disclosed in November 2022. This vulnerability affects SolarWinds Platform 2022.3 and earlier versions, as well as Orion Platform 2020.2.6 HF5 and earlier. The vulnerability allows a remote adversary with valid access to the SolarWinds Web Console to execute arbitrary commands (SolarWinds Advisory).

The vulnerability has been assigned a CVSS score of 8.8 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The specific flaw exists within the DeserializeFromStrippedXml function, resulting from the lack of proper validation of user-supplied data, which can lead to deserialization of untrusted data (ZDI Advisory).

An attacker who successfully exploits this vulnerability can execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform. The attack requires valid access to the SolarWinds Web Console, but can result in complete system compromise with high confidentiality, integrity, and availability impacts (SolarWinds Advisory, ZDI Advisory).

SolarWinds has released version 2022.4 to address this vulnerability. The company recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible. Additionally, customers are advised to follow the guidance provided in the SolarWinds Secure Configuration Guide and ensure only authorized users can access the SolarWinds Platform (SolarWinds Advisory).