CVE-2021-35220

EmailWebPage Command Injection RCE

Description

Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.

Solution:

SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide.

Workaround:

If you are unable to upgrade immediately. See SolarWinds Knowledgebase Article Below: https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-EmailWebPage-Command-Injection-RCE-CVE-2021-35220?language=en_US

Link	Tags
https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US	patch vendor advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35220	vendor advisory
https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-EmailWebPage-Command-Injection-RCE-CVE-2021-35220?language=en_US	patch vendor advisory mitigation
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm	release notes patch vendor advisory

What is the severity of CVE-2021-35220?: CVE-2021-35220 has been scored as a high severity vulnerability.
How to fix CVE-2021-35220?: To fix CVE-2021-35220: SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide.
Is CVE-2021-35220 being actively exploited in the wild?: It is possible that CVE-2021-35220 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-35220?: CVE-2021-35220 affects SolarWinds Orion Platform.