Overview
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands.
Description
The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion Platform products. The authentication of the API can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request to the API, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.
Impact
This could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance.
Solution
Apply an Update
Users should update to the relevant versions of the SolarWinds Orion Platform:
2019.4 HF 6 (released December 14, 2020)
2020.2.1 HF 2 (released December 15, 2020)
2019.2 SUPERNOVA Patch (released December 23, 2020)
2018.4 SUPERNOVA Patch (released December 23, 2020)
2018.2 SUPERNOVA Patch (released December 23, 2020)
More information can be found on the SolarWinds Security Advisory.
Harden the IIS Server
Especially in cases when updates cannot be installed, we ..
Support the originator by clicking the read the rest link below.
