Solarwinds sam
1/2/2023

Multiple Vulnerabilities in SolarWinds Orion Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2020-166
DATE(S) ISSUED:
OVERVIEW:
SolarWinds Orion is an IT performance monitoring platform that manages and optimizes IT infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) released an alert detailing active exploitation of the SolarWinds Orion Platform software versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1.

- SolarWinds Orion Platform Version 2019.4 HF5.
- SolarWinds Orion Platform Version 2020.2.
- SolarWinds Orion Platform Version 2020.2 HF1.

Security patches have been released for each of these versions specifically to address this new vulnerability.

- Large and medium government entities: HIGH.
- Large and medium business entities: HIGH.

Multiple vulnerabilities have been discovered in SolarWinds Orion, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

- A security vulnerability due to a define visual basic script (CVE-2020-14005).
- An HTML injection vulnerability (CVE-2020-13169).

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

SolarWinds has released the second hotfix patch for versions 2020.2.1 HF 2. SolarWinds has also published a FAQ page that includes answers to several important questions, including how to check your systems for compromise and information on workarounds if you are not able to upgrade your system to the latest patch level. SolarWinds Orion is prone to one vulnerability that could allow for authentication bypass.