SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

2021-02-03 11:00

The most severe of these could allow trivial remote code execution with high privileges.

The most critical bug does not require local access and allows complete control over SolarWinds Orion remotely without having any credentials at all.

"Unfortunately, it turned out to be an unsafe deserialization victim. [This] allows remote code execution by remote, unprivileged users through combining those two issues. Given that the message processing code runs as a Windows service configured to use LocalSystem account, we have complete control of the underlying operating system."

The second bug was also found in the SolarWinds Orion framework.

It allows unprivileged users who can log in locally or via Remote Desktop Protocol to obtain a cleartext password for the backend database for the Orion platform, called SolarWindsOrionDatabaseUser - and from there set themselves up as an admin to steal information.

"SolarWinds credentials are stored in an insecure manner that could allow any local users, despite privileges, to take complete control over the SOLARWINDS ORION database," according to Trustwave.

News URL

https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/

#codeexecution #solarwinds #takeover

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Solarwinds		56	33	104	80	50	267