The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITYSYSTEM. Exploit Files ≈ Packet Storm