Description
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
Vulnerability Information
- Product / Framework: Solarwinds
- Vendor Domain: www.solarwinds.com
- Vulnerability Type: Command Injection
- CVE Details: View Full CVE Details →