SolarWinds Orion API authentication bypass allows remote comand execution

guest · Dec 26, 2020

SolarWinds Orion API authentication bypass allows remote comand execution
Vulnerability Note VU#843464
December 26, 2020
https://kb.cert.org/vuls/id/843464

Overview
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands.
Impact
This could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance.
Description
The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products.
The authentication of the API can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request to the API, which could allow an attacker to execute unauthenticated API commands. I
Click to expand...

Solution
Apply an Update
Users should update to the relevant versions of the SolarWinds Orion Platform: [...]
More information can be found on the SolarWinds Security Advisory.
Harden the IIS Server
Especially in cases when updates cannot be installed, we recommend that users implement these mitigations to harden their IIS server.
Click to expand...

plat · Aug 16, 2021

Here's an interesting little bit: SolarWinds is owned by Thoma Bravo holdings it seems. The same corp. that owns Sophos, a majority stake in McAfee and a whole bunch of others. Good thing it has all those assets; prob. there are-- or will be-- lawsuits stemming from that breach.

Thoma Bravo Portfolio Companies

Apologies if this has been posted already elsewhere.

Log in or Sign up

SolarWinds Orion API authentication bypass allows remote comand execution

guest Guest

plat Registered Member

Log in or Sign up

SolarWinds Orion API authentication bypass allows remote comand execution

guest Guest

plat Registered Member

Useful Searches