Cyber Resilience

CVE-2020-10148

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 29 December 2020

Modified: 24 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9435 (100.0th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-10148 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in SolarWinds Orion Platform. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

The vulnerability is an authentication bypass in the SolarWinds Orion API, tracked as CVE-2020-10148 with CVSS score 9.8. It affects the SolarWinds Orion Platform in versions 2019.4 HF 5, 2020.2 without hotfix, and 2020.2 HF 1, and is associated with CWE-288 and CWE-306. The flaw permits remote attackers to issue API commands without valid credentials, which can lead to full compromise of the SolarWinds instance.

An unauthenticated remote attacker can exploit the weakness over the network to bypass authentication controls and directly execute arbitrary API operations. Successful exploitation grants the attacker the ability to read, modify, or delete data and configuration settings within the Orion environment, potentially resulting in complete control of the monitoring platform and any connected systems.

SolarWinds has published a security advisory detailing the issue, and the CERT Coordination Center has released vulnerability note VU#843464 that references the same advisory and affected versions. These sources direct administrators to apply vendor-supplied hotfixes or upgrade to a patched release to eliminate the authentication bypass.

EU & UK References

Vulnerability details

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

solarwinds
orion platform
2019.4, 2020.2, 2020.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces authentication and authorization checks on all API requests, directly blocking the unauthenticated command execution path in CVE-2020-10148.

prevent

Requires valid identification and authentication before granting access to organizational users or services, eliminating the authentication bypass exploited by the Orion API flaw.

prevent

Mandates prompt application of vendor hotfixes or upgrades that close the specific authentication bypass in the listed SolarWinds Orion versions.

References