SolarWinds Orion Platform Multiple Vulnerabilities
Last Update Date:
15 Dec 2020 10:55
Release Date:
15 Dec 2020
3933
Views
RISK: High Risk
TYPE: Servers - Network Management
Multiple vulnerabilities were identified in SolarWinds Orion Platform, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution and sensitive information disclosure on the targeted system.
Note: These Vulnerabilities were reported being used In scattered attacks.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Orion Platform versions 2019.4 HF 5 and 2020.2 with no hotfix or with 2020.2 HF 1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://www.solarwinds.com/securityadvisory
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html
- https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
- https://www.solarwinds.com/securityadvisory
- https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software
Share with