SolarWinds patches critical code execution bug in Orion Platform

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely.

The Orion Platform is an IT administration solution that enables enterprise organizations to manage, optimize, and monitor their on-premises, hybrid, or software as a service (SaaS) IT infrastructures.

Patches for critical and high severity vulnerabilities

The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

Although SolarWinds rates this flaw as critical, it can only be exploited by an authenticated Orion user, so an attacker first needs valid credentials for the platform.
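To make the bug class concrete: a JSON deserializer that lets the document name the type to construct can be driven to run attacker-chosen constructors, which is how "JSON deserialization" turns into code execution. The Python below is an added illustration of that pattern and of the usual fix (an allow-list of expected types), not Orion's code; the page does not describe how Orion's deserializer works. The class names, the "$type" key and the sample documents are constructed stand-ins, and the "gadget" only appends to a list instead of doing anything harmful.

```python
"""Generic model of an insecure polymorphic JSON deserializer.

Added illustration, not SolarWinds Orion code. It models the bug class behind
"RCE via JSON deserialization": a deserializer that lets the JSON document name
the concrete class to instantiate (as Json.NET's TypeNameHandling or Jackson's
default typing do) hands the sender control over which constructors run.
All class names, the "$type" key and the payloads below are constructed.
"""
import importlib
import json
import sys

# Records what the stand-in "gadget" constructor did, so the effect of a
# malicious document can be observed without running anything harmful.
SIDE_EFFECTS = []


class AlertAction:
    """The type the endpoint legitimately expects (constructed stand-in)."""

    def __init__(self, name, target):
        self.name = name
        self.target = target


class LogWriter:
    """Stand-in gadget: an importable class whose constructor has a side effect.
    Real gadgets are types such as a process launcher or a file writer; this one
    only appends to SIDE_EFFECTS."""

    def __init__(self, path, data):
        SIDE_EFFECTS.append((path, data))


def resolve_type(type_name):
    """Turn 'module.Class' (or 'Class' in this module) into a class object.
    This is the dangerous primitive: any importable class is reachable."""
    module_name, _, cls_name = type_name.rpartition(".")
    module = importlib.import_module(module_name) if module_name else sys.modules[__name__]
    return getattr(module, cls_name)


def unsafe_loads(doc):
    """Vulnerable: honours the document's '$type' field, so the sender picks
    the class and the constructor arguments. With a gadget such as
    'subprocess.Popen' this becomes code execution."""
    data = json.loads(doc)
    cls = resolve_type(data.pop("$type"))
    return cls(**data)


# Hardened: types are looked up by an application-defined key in a fixed
# allow-list, never by import path, and unknown keys are rejected.
ALLOWED_TYPES = {"AlertAction": AlertAction}


def safe_loads(doc):
    """Hardened variant of unsafe_loads: only allow-listed types are built."""
    data = json.loads(doc)
    cls = ALLOWED_TYPES.get(data.pop("$type", None))
    if cls is None:
        raise ValueError("type not allowed in this document")
    return cls(**data)


# Constructed sample documents: a legitimate test action and a gadget payload.
BENIGN_DOC = json.dumps({"$type": "AlertAction", "name": "ping", "target": "10.0.0.5"})
MALICIOUS_DOC = json.dumps({"$type": "LogWriter",
                            "path": "C:/inetpub/wwwroot/shell.aspx",
                            "data": "<%-- webshell --%>"})


def demo():
    """Return (class the vulnerable loader built, whether the safe loader refused)."""
    victim = unsafe_loads(MALICIOUS_DOC)
    try:
        safe_loads(MALICIOUS_DOC)
        blocked = False
    except ValueError:
        blocked = True
    return type(victim).__name__, blocked


if __name__ == "__main__":
    print(demo())
```

The fix that matters is in `safe_loads`: the document may still carry a type discriminator, but it selects from a closed map of application types rather than from everything the runtime can load, which is the same principle behind restricting `TypeNameHandling` or registering explicit subtypes in .NET and Java JSON libraries.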

A second RCE vulnerability, rated high severity, was addressed in the SolarWinds Orion Job Scheduler; attackers could use it to execute arbitrary code remotely as Administrator.

However, exploiting this flaw requires the attacker to know the credentials of an unprivileged local account on the targeted Orion server.

The two RCE vulnerabilities, reported through Trend Micro's Zero Day Initiative, had not yet been assigned CVE IDs at the time of writing.

CVE-ID: Pending
Vulnerability title: RCE via Actions and JSON Deserialization
Description: A remote code execution vulnerability has been found via the test alert actions. An Orion authenticated user is required to exploit this.
Severity: Critical
Credit: ZDI Trend Micro

CVE-ID: Pending
Vulnerability title: SolarWinds Orion Job Scheduler RCE
Description: The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server.
Severity: High
Credit: Harrison Neal, ZDI Trend Micro

CVE-ID: CVE-2020-35856
Vulnerability title: Stored XSS in Customize view
Description: A stored XSS vulnerability was found in the add custom tab within the customize view page by a security researcher. This vulnerability requires an Orion administrator account to exploit.
Severity: High
Credit: Jhon Jaro

CVE-ID: CVE-2021-3109
Vulnerability title: Reverse Tabnabbing and Open Redirect
Description: A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher. This vulnerability requires an Orion administrator account to exploit.
Severity: Medium
Credit: Jhon Jaro

Orion Platform security improvements

SolarWinds has also included several security improvements in this new Orion Platform release, including:

  • Orion XSS prevention improvements and related fixes
  • Communication channel improvements for internal SolarWinds services
  • DB Manager UAC protection
  • AngularJS upgraded to 1.8.0
  • Moment.JS upgraded to 2.29.1

Administrators can deploy the security updates and the additional security improvements by installing the Orion Platform 2020.2.5 release.

"If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions," SolarWinds explained.

Admins upgrading from an Orion Platform 2019.2 installation don't need to download the Orion Installer first: they can upgrade the entire Orion deployment from the Orion Web Console by navigating to Settings > My Orion Deployment > Updates & Evaluations.

SolarWinds patched three other critical vulnerabilities last month, one of them allowing remote unauthenticated threat actors to take over Orion servers.
