SolarWinds MSP Patch Management Engine CVE-2020-12608 Incorrect Default Permissions Vulnerability

description-logoDescription

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\\SolarWinds MSP\\SolarWinds.MSP.CacheService\\config\\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.

affected-products-logoAffected Applications

SolarWinds Managed Service Provider Patch Management Engine

CVE References

CVE-2020-12608