SolarWinds MSP Patch Management Engine CVE-2020-12608 Incorrect Default Permissions Vulnerability
Description
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\\SolarWinds MSP\\SolarWinds.MSP.CacheService\\config\\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
Affected Applications
SolarWinds Managed Service Provider Patch Management Engine