
SolarWinds Orion exploited by another group of state-sponsored hackers
2021-02-03 13:02

Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday.

Unlike the alleged Russian attackers who inserted malware directly into the company's Orion network monitoring platform by compromising its build environment, another group has simply found and exploited a vulnerability in the software.

SolarWinds confirmed that one unnamed customer was compromised by a second group of attackers, but said that the vulnerability in its Orion platform was only exploited after the attackers had already gained access to that customer's network by other means.

CVE-2021-25274, affecting SolarWinds Orion, can be exploited by unprivileged users to achieve remote code execution.

CVE-2021-25275, affecting SolarWinds Orion, can be exploited by unprivileged users who can log in to the box locally or via RDP to discover the credentials needed to access the backend database.

"To the best of Trustwave's knowledge, none of the vulnerabilities were exploited during the recent SolarWinds attacks or in any 'in the wild' attacks," Rakhmanov noted.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/krHtvxO7M3U/

Related Vulnerability

2021-02-03  CVE-2021-25274  Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
  Description: The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues.
  Attack vector: network   Complexity: low   Vendor: solarwinds   CWE: CWE-502   Risk: critical (9.8)

2021-02-03  CVE-2021-25275  Use of Hard-coded Credentials vulnerability in Solarwinds Orion Platform
  Description: SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users.
  Attack vector: local   Complexity: low   Vendor: solarwinds   CWE: CWE-798   Risk: 7.8

Related vendor

VENDOR      LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Solarwinds  44                    0    80      95    40        215