CVE-2021-35246 is a vulnerability identified in SolarWinds Engineer's Toolset versions 2022.3 and earlier. The core issue stems from the application's failure to enforce encrypted connections, allowing users to connect over unencrypted channels. Specifically, the application does not prevent or enforce SSL/TLS usage, which means that an attacker with the capability to intercept or modify network traffic between a legitimate user and the application can downgrade or bypass encryption protections. This vulnerability is categorized under CWE-319, which relates to inappropriate encoding for output context, indicating that sensitive data may be exposed or manipulated due to improper handling of secure communication protocols. The lack of enforced encryption opens the door for man-in-the-middle (MitM) attacks, where an adversary can eavesdrop, alter, or inject malicious content into the communication stream. While no known exploits have been reported in the wild, the vulnerability presents a significant risk because it undermines the confidentiality and integrity of data transmitted between the Engineer's Toolset and its users. Given that SolarWinds Engineer's Toolset is widely used for network management and monitoring, compromising its communication channels could allow attackers to gather sensitive network information or disrupt network operations.

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on SolarWinds Engineer's Toolset for critical network infrastructure management. The ability of an attacker to intercept or manipulate unencrypted communications could lead to unauthorized disclosure of sensitive network data, including configuration details, credentials, or monitoring information. This exposure can facilitate further attacks such as lateral movement within networks, data exfiltration, or disruption of network services. Additionally, the integrity of network management operations could be compromised, potentially causing misconfigurations or false alerts that degrade operational reliability. Given the strategic importance of network infrastructure in sectors such as finance, telecommunications, energy, and government, exploitation of this vulnerability could have cascading effects on service availability and trust. The vulnerability's medium severity rating reflects the fact that exploitation requires network-level access and the ability to intercept traffic, which may limit the attack surface but does not eliminate the risk, especially in environments with insufficient network segmentation or monitoring.

To mitigate this vulnerability, European organizations should take the following specific actions: 1) Immediately upgrade SolarWinds Engineer's Toolset to the latest version where this issue is addressed or apply any available patches from SolarWinds. 2) Enforce network policies that restrict access to the Engineer's Toolset management interfaces to trusted, internal networks only, minimizing exposure to untrusted networks where MitM attacks are more feasible. 3) Implement network-level encryption enforcement using technologies such as TLS inspection or VPN tunnels to ensure all communications to and from the toolset are encrypted, even if the application itself does not enforce it. 4) Deploy network intrusion detection and prevention systems (IDS/IPS) to monitor for anomalous traffic patterns indicative of MitM or traffic manipulation attempts. 5) Conduct regular security audits and penetration tests focusing on network communication security to identify and remediate similar weaknesses. 6) Educate network administrators and users about the risks of connecting over untrusted networks and the importance of verifying secure connections. 7) Where possible, isolate management tools like Engineer's Toolset within dedicated management VLANs or segments with strict access controls to reduce the risk of interception.