CVE-2022-38108: 
SolarWinds Platform vulnerability analysis and mitigation

SolarWinds Platform was identified with a Deserialization of Untrusted Data vulnerability (CVE-2022-38108). The vulnerability was discovered on May 27, 2022, and publicly disclosed on October 21, 2022. This security flaw affects SolarWinds Platform 2022.3 and earlier versions, as well as Orion Platform 2020.2.6 HF5 and earlier versions (ZDI Advisory, SolarWinds Advisory).

The vulnerability exists within the MessageToBytes function of the SolarWinds Network Performance Monitor. The specific issue stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The vulnerability has been assigned a CVSS v3.1 score of 7.2 (High), with the vector string AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability allows an authenticated attacker to execute arbitrary code in the context of SYSTEM on affected installations of SolarWinds Network Performance Monitor. The high privileges obtained through exploitation could lead to complete system compromise (ZDI Advisory).

SolarWinds released version 2022.4 RC1 to address this vulnerability. Additionally, they recommend following the guidance in the SolarWinds Secure Configuration Guide, which includes: not exposing the SolarWinds Platform website on the public Internet, disabling unnecessary ports and services, applying proper network segmentation, and configuring firewalls to limit access to port 5671 (SolarWinds Advisory).