More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others
2021-02-03 21:25

As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities - including one that can be exploited to achieve remote code execution.

Ziv Mador, security research veep at Trustwave, the firm that found the flaws, told The Register: "It's very severe, not only because of the ability to run unauthorized code on the Orion platform, but also because anyone on the network, not even someone that has [no] access to that server, can do that."

Detailed in a blog post today, Trustwave discovered that SolarWinds' Orion network management product contained a remote code execution flaw that hinged on SolarWinds' use of the Microsoft Message Queue technology.

The vulns are not known to have been abused by miscreants who used Orion to infiltrate FireEye and the US government, among others, last year.

Trustwave also found a third flaw in another SolarWinds product, Serv-U FTP for Windows, allowing an authenticated attacker to create new admin accounts by simply copy-pasting crafted files into a target directory.

SolarWinds previously updated its Orion software to remove a backdoor secretly implanted in the code by suspected Russian hackers, who used the hidden hole to gain entry to selected organizations that deployed the tainted network monitoring suite.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/03/solarwinds_patch_trustwave/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 104 80 50 267