SolarWinds Orion exploited by another group of state-sponsored hackers
Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday.
Unlike the alleged Russian attackers who inserted malware directly into the company's Orion network monitoring platform by compromising its build environment, another group has simply found and exploited a vulnerability in the software.
SolarWinds confirmed that one unnamed customer was compromised by a second group of attackers, but that the vulnerability in its Orion platform was only exploited once the attackers had already gained access to that customer's network by other means.
CVE-2021-25274, affecting SolarWinds Orion, can be exploited by unprivileged users to achieve remote code execution.
CVE-2021-25275, affecting SolarWinds Orion, can be exploited by unprivileged users who can log in to the box locally or via RDP to discover the credentials needed to access the backend database.
"To the best of Trustwave's knowledge, none of the vulnerabilities were exploited during the recent SolarWinds attacks or in any 'in the wild' attacks," Rakhmanov noted.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/krHtvxO7M3U/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-03 | CVE-2021-25274 | Deserialization of Untrusted Data vulnerability in SolarWinds Orion Platform. The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. | 9.8 |
2021-02-03 | CVE-2021-25275 | Use of Hard-coded Credentials vulnerability in SolarWinds Orion Platform. SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. | 7.8 |