cvedb.io
CVE-2017-7722
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2017-04-12T16:59:00.180 · Last modified 2026-06-17T01:25:02.510

Summary

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.

Affected products

solarwinds — log_\&_event_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when solarwinds ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.