
New Code Execution Flaws In Solarwinds Orion Platform
2021-03-25 19:14

Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that can be exploited for remote code execution attacks.

The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state software supply chain attacks.

The latest Orion Platform 2020.2.5 addresses at least four security flaws, one rated "Critical" because of the risk of remote code execution attacks.

A second bug, rated "High-risk," also brings remote code execution risk, Solarwinds warned.

"The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server."

Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/DwJLj6WR9qY/new-code-execution-flaws-solarwinds-orion-platform

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265