A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments.
According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could allow a remote attacker to execute unauthenticated API commands, thus resulting in a compromise of the SolarWinds instance.
"In particular, if an attacker appends a PathInfo parameter of 'WebResource.adx,' 'ScriptResource.adx,' 'i18n.ashx,' or 'Skipi18n' to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication."
It's worth noting that SolarWinds' updated security advisory on December 24 made note of an unspecified vulnerability in the Orion Platform that could be exploited to deploy rogue software such as SUPERNOVA. But exact details of the flaw remained unclear until now.
In the past week, Microsoft disclosed that a second threat actor might have been abusing SolarWinds' Orion software to drop an additional piece of malware called SUPERNOVA on target systems.
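A defender-side log check for the PathInfo pattern quoted from the advisory above, as an added example (not code from CERT/CC, SolarWinds, or the original article). It assumes IIS W3C-format logs with a `#Fields:` header; the marker strings are spelled exactly as quoted on this page, and the sample log lines, paths, and addresses are constructed.

```python
from urllib.parse import unquote

# Marker strings exactly as quoted from the advisory on this page.
MARKERS = ("WebResource.adx", "ScriptResource.adx", "i18n.ashx", "Skipi18n")

# Constructed sample log (hypothetical paths, documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2020-12-27 10:00:01 192.0.2.10 GET /Example/Page.aspx - 200
2020-12-27 10:00:02 192.0.2.10 GET /WebResource.adx d=abc 200
2020-12-27 10:00:05 198.51.100.7 POST /Example/Handler.ashx/i18n.ashx - 200
2020-12-27 10:00:09 198.51.100.7 GET /Example/Page.aspx/WebResource.adx - 200
"""

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def pathinfo_marker(uri_stem):
    """Return the marker if it appears as PathInfo, i.e. as a path segment
    that follows an earlier segment that looks like a file (heuristic:
    contains a dot). A marker requested as the resource itself is ignored."""
    segments = [s for s in unquote(uri_stem).split("/") if s]
    for i, seg in enumerate(segments):
        for marker in MARKERS:
            if seg.lower() == marker.lower() and any("." in p for p in segments[:i]):
                return marker
    return None

def find_suspicious(lines):
    """Return (date, time, client IP, URI stem, marker, status) per hit."""
    hits = []
    for row in parse_w3c(lines):
        marker = pathinfo_marker(row.get("cs-uri-stem", ""))
        if marker:
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         row["cs-uri-stem"], marker, row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print(hit)
```

The dot-in-an-earlier-segment rule is a heuristic and will also flag markers that follow a dotted directory name, so treat hits as leads to review rather than confirmed abuse.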