More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others

As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities – including one that can be exploited to achieve remote code execution.


Ziv Mador, security research veep at Trustwave, the firm that found the flaws, told The Register: "It's very severe, not only because of the ability to run unauthorized code on the Orion platform, but also because anyone on the network, not even someone that has [no] access to that server, can do that."

In a blog post published today, Trustwave detailed a remote code execution (RCE) flaw (CVE-2021-25274) that it discovered in SolarWinds' Orion network management product. The flaw hinged on SolarWinds' use of the Microsoft Message Queue technology.


The vulns are not known to ..
