SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
The most severe of the reported bugs could allow trivial remote code execution with high privileges.
The most critical bug does not require local access and allows complete control over SolarWinds Orion remotely without having any credentials at all.
"Unfortunately, it turned out to be an unsafe deserialization victim. [This] allows remote code execution by remote, unprivileged users through combining those two issues. Given that the message processing code runs as a Windows service configured to use LocalSystem account, we have complete control of the underlying operating system."
The second bug was also found in the SolarWinds Orion framework.
It allows unprivileged users who can log in locally or via Remote Desktop Protocol (RDP) to obtain a cleartext password for the Orion platform's backend database, called SolarWindsOrionDatabaseUser, and from there set themselves up as an admin to steal information.
"SolarWinds credentials are stored in an insecure manner that could allow any local users, despite privileges, to take complete control over the SOLARWINDS ORION database," according to Trustwave.
News URL
https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/