Title: DDIVRT-2015-55 SolarWinds Log and Event Manager Remote Command Execution
Severity: High
Date Discovered: August 15, 2015
Discovered By: Chris Graham @cgrahamseven

Vulnerability Description:
SolarWinds Log and Event Manager (LEM) is vulnerable to an Extensible Markup Language (XML) external entity injection through the agent message processing service, which listens on TCP port 37891. Using a crafted XML message, an attacker can trigger the vulnerability and force the disclosure of arbitrary files on the appliance. This vulnerability can be abused to allow remote execution of arbitrary system commands, which will lead to complete compromise of the LEM appliance and, in turn, to full control of any connected endpoint agents that may be deployed throughout the enterprise.
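
An added example (not part of the original advisory, and not SolarWinds or Digital Defense code) of the parser-side defence against this class of flaw: a message parser that refuses any DOCTYPE or entity declaration before an external entity can be resolved. The message layout and the names parse_agent_message, is_rejected, BENIGN and WITH_DTD are constructed for illustration; the real LEM agent message format is not described in this advisory.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DTDForbidden(ValueError):
    """Raised when a message carries a DOCTYPE or entity declaration."""


def parse_agent_message(data: bytes) -> ET.Element:
    """Parse an XML message, refusing any DTD before entities are resolved."""
    builder = ET.TreeBuilder()
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} not allowed")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise DTDForbidden(f"entity {name!r} not allowed")

    def forbid_external(context, base, sysid, pubid):
        raise DTDForbidden(f"external entity {sysid!r} not allowed")

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = lambda tag: builder.end(tag)
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """True if the message is refused because it declares a DTD or entity."""
    try:
        parse_agent_message(data)
    except DTDForbidden:
        return True
    return False


# Constructed sample messages (hypothetical layout, not the LEM wire format).
BENIGN = b'<message type="heartbeat"><agent>host-01</agent></message>'
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE message [<!ENTITY ext SYSTEM "file:///constructed/example">]>'
    b"<message><agent>&ext;</agent></message>"
)
```

The parser stops at the DOCTYPE declaration, so the entity reference in the body is never expanded and no file is opened.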

Solution Description:
A vulnerability mitigation solution for this security issue is not available at this time. End-users can mitigate this flaw by limiting access to affected systems through the use of access controls.

SolarWinds has been made aware of the issue and is actively working to resolve it. Contact SolarWinds Support with any questions at: 866.530.8040, option 3.

Tested Systems / Software:
SolarWinds Log and Event Manager 6.1.0 Virtual Appliance

Vendor Name: SolarWinds
Vendor Website: http://www.SolarWinds.com/siem-security-information-event-management-software.aspx