CVE-2024-52612

6.8 MEDIUM

📋 TL;DR

SolarWinds Platform contains a reflected cross-site scripting (XSS) vulnerability caused by insufficient input sanitization. It allows an attacker to inject malicious scripts into web pages. Exploitation requires an authenticated, high-privileged account.

💻 Affected Systems

Products:
  • SolarWinds Platform
Versions: Prior to 2025.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication with high-privileged account. All default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

High-privileged attacker could steal session cookies, perform actions as other users, or redirect to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Privilege escalation within the SolarWinds platform, session hijacking of other administrators, or credential theft.

🟢 If Mitigated

Limited impact due to authentication requirements and privilege restrictions, but still poses risk to administrative accounts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated high-privileged access. Attack complexity is low once authentication is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.1

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-52612

Restart Required: Yes

Instructions:

1. Download SolarWinds Platform 2025.1 from the SolarWinds customer portal.
2. Back up the current configuration and database.
3. Run the installer with administrative privileges.
4. Follow the upgrade wizard.
5. Restart SolarWinds services after installation.

🔧 Temporary Workarounds

Input Validation Enhancement

Implement additional input validation for all user-supplied parameters in web interfaces

Privilege Reduction

Reduce number of high-privileged accounts and implement principle of least privilege

🧯 If You Can't Patch

  • Implement strict access controls to limit high-privileged account access to SolarWinds web interface
  • Deploy web application firewall with XSS protection rules and monitor for suspicious parameter values

🔍 How to Verify

Check if Vulnerable:

Check SolarWinds Platform version in web interface under Settings > All Settings > Product Information

Check Version:

Not applicable - check via web interface or SolarWinds Orion Configuration Wizard

Verify Fix Applied:

Verify version is 2025.1 or later and test input parameters for proper sanitization

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in web requests
  • Multiple failed authentication attempts followed by successful high-privilege login
  • Suspicious JavaScript in URL parameters

Network Indicators:

  • HTTP requests with encoded script tags in parameters
  • Unusual traffic patterns to SolarWinds web interface

SIEM Query:

source="solarwinds" AND (url="*<script>*" OR param="*javascript:*" OR param="*onerror=*" OR param="*onload=*")
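
The SIEM query above matches literal strings, while the network indicators mention encoded script tags, so a URL-encoded parameter would not match it. The following is an added example, not code from SolarWinds or from the original page, that URL-decodes each query parameter before applying the same markers. It assumes web server logs in W3C extended format with a `#Fields:` header; the log lines, path, usernames and IP addresses are constructed.

```python
import re
from urllib.parse import unquote_plus

# Same markers as the SIEM query above, applied after URL-decoding.
MARKERS = re.compile(r"<\s*script|javascript:|onerror\s*=|onload\s*=", re.I)
MAX_DECODE_ROUNDS = 3  # assumption: enough to undo double or triple encoding

# Constructed sample in W3C extended log format; path, users and IPs are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2025-01-10 09:00:01 GET /example/page.aspx id=42&view=summary admin1 10.0.0.5 200
2025-01-10 09:00:07 GET /example/page.aspx title=%3Cscript%3Ealert(1)%3C%2Fscript%3E admin2 10.0.0.9 200
2025-01-10 09:00:09 GET /example/page.aspx next=%253Cimg%2520src%253Dx%2520onerror%253D1%253E admin2 10.0.0.9 200
2025-01-10 09:00:12 GET /example/page.aspx note=person+onloading+dock admin1 10.0.0.5 200
""".splitlines()

def fully_decode(value):
    """URL-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_w3c_log(lines):
    """Return (user, client_ip, param, decoded_value) for each flagged parameter."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            decoded = fully_decode(raw)
            if MARKERS.search(decoded):
                hits.append((row.get("cs-username"), row.get("c-ip"), name, decoded))
    return hits

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(hit)
```

Because exploitation requires a high-privileged account, the username and client IP returned with each hit identify which administrative sessions to review.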
