SolarWinds Patches Four New Vulnerabilities in Their Orion Platform


On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness. Fixes for these weaknesses are in Orion Platform 2020.2.5.


Given the attention attackers have paid to SolarWinds Orion in the past 4+ months, Rapid7 urges affected organizations to prioritize patching within an accelerated patch window if possible, and at the very least within the 30-day window if you are following the typical 30-60-90 day patch criticality cadence.


InsightVM and Nexpose customers can assess their exposure to these CVEs with authenticated vulnerability checks.


Vulnerability details


The Rapid7 vulnerability research team is investigating the following four new flaws in the Orion platform:


The most critical vulnerability, an authenticated remote code execution weakness via Actions and JSON Deserialization, lies within the test alert actions and has no assigned CVE identifier as of March 26, 2021. The "test alert actions" functionality is a way for Orion users to test network-level event triggers that can be set up to send alerts. While exploitation requires non-administrative-level authentication, recent history has shown that this does not seem to thwart sophisticated attackers all that much.
The second remote code execution weakness, in the SolarWinds Orion Job Scheduler, also requires authentication via non-administrative-level credentials and provides successful attackers with Administrator-level execution privileges on targeted systems. This, too, has no assigned CVE but has been rated as high by SolarWinds.
CVE-2021-3109 is a reverse tabnabbing and open redirect flaw discovered by resear ..
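The post names a JSON deserialization weakness as the cause of the most severe flaw but does not describe its internals. The following is an added, constructed example (not code from Rapid7, SolarWinds or the Orion product) that models the general bug class behind most JSON deserialization RCEs: a type discriminator in the document chooses which class the deserializer instantiates, and the weak version honours any type it can resolve. The `$type` key, the `EmailAction`/`WebhookAction` types and the sample documents are assumptions made for the illustration; `datetime.timedelta` stands in, harmlessly, for "a type the application never meant to construct".

```python
"""Weak vs. hardened handling of a type-discriminated JSON document.

Constructed illustration of the vulnerability class; it does not model the
actual Orion code path, which the advisory does not describe.
"""
import importlib
import json
from dataclasses import dataclass, fields


@dataclass
class EmailAction:
    """A benign alert action the application expects to deserialize (assumed)."""
    recipient: str
    subject: str


@dataclass
class WebhookAction:
    """A second benign alert action type (assumed)."""
    url: str


# Explicit allowlist of the only types the application means to accept.
ALLOWED_TYPES = {
    "EmailAction": EmailAction,
    "WebhookAction": WebhookAction,
}


def _resolve_any_type(type_name: str):
    """Weak resolver: a dotted path is imported on demand, so the *input*
    decides which class is constructed (the root cause in this bug class)."""
    module_name, _, class_name = type_name.rpartition(".")
    if module_name:
        return getattr(importlib.import_module(module_name), class_name)
    return globals()[class_name]


def unsafe_loads(document: str):
    """Weak pattern: trust '$type' and construct whatever it names."""
    data = json.loads(document)
    cls = _resolve_any_type(data.pop("$type"))
    return cls(**data)


def safe_loads(document: str):
    """Hardened pattern: '$type' is only a key into ALLOWED_TYPES, and the
    field set must match the target type exactly before anything is built."""
    data = json.loads(document)
    type_name = data.pop("$type", None)
    cls = ALLOWED_TYPES.get(type_name)
    if cls is None:
        raise ValueError(f"type not permitted: {type_name!r}")
    expected = {f.name for f in fields(cls)}
    if set(data) != expected:
        raise ValueError(f"field mismatch for {type_name}: {sorted(set(data) ^ expected)}")
    return cls(**data)


# Constructed sample documents.
BENIGN = json.dumps({"$type": "EmailAction", "recipient": "noc@example.test", "subject": "CPU high"})
EXTRA_FIELD = json.dumps({"$type": "EmailAction", "recipient": "noc@example.test",
                          "subject": "CPU high", "command": "unexpected"})
# Names a type outside the intended set; timedelta is a harmless stand-in.
UNINTENDED = json.dumps({"$type": "datetime.timedelta", "days": 1})


def demonstrate() -> dict:
    """Summarise what each deserializer does with the sample documents."""
    results = {
        "unsafe_unintended": type(unsafe_loads(UNINTENDED)).__name__,
        "safe_benign": type(safe_loads(BENIGN)).__name__,
    }
    for label, doc in (("safe_unintended", UNINTENDED), ("safe_extra_field", EXTRA_FIELD)):
        try:
            safe_loads(doc)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The defensive point is the shape of `safe_loads`: the discriminator selects from a closed allowlist, unknown types fail before any constructor runs, and the field set is checked against the target type, so an attacker-controlled document cannot steer deserialization toward a type the application never intended to build. The same pattern applies to .NET, Java and other polymorphic JSON deserializers that accept a type name from the input.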
