Security News > 2021 > February > SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems

SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems
2021-02-03 13:40

Cybersecurity firm Trustwave on Wednesday reported that one of its researchers recently discovered several potentially serious vulnerabilities in products made by Texas-based IT management solutions provider SolarWinds.

SolarWinds was recently targeted in a sophisticated supply chain attack that resulted in thousands of organizations receiving malicious updates for the company's Orion monitoring product, and a few hundred - ones that presented an interest to the attackers - getting other malware that may have given the hackers deep access into their networks.

Following the disclosure of the attack, Trustwave researchers decided to analyze SolarWinds products based on the Orion framework to see if they contain any vulnerabilities that could expose the company's customers to attacks.

"To the best of Trustwave's knowledge, none of the vulnerabilities were exploited during the recent SolarWinds attacks or in any 'in the wild' attacks," Trustwave said in a blog post.

"Following the recent nation-state attack against an array of American software providers, including SolarWinds, we have been collaborating with our industry partners and government agencies to advance our goal of making SolarWinds the most secure and trusted software company," SolarWinds said in an emailed statement.

Trustwave says it plans on releasing proof-of-concept code for these vulnerabilities only on February 9 in order to give SolarWinds customers more time to install the patches.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/xL75nXReeaY/solarwinds-product-vulnerabilities-allow-hackers-take-full-control-systems

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215