Critical Remote Code Execution Vulnerability Found in SolarWinds Orion Platform

On March 26, 2021, SolarWinds, a provider of IT infrastructure management solutions, announced a new update for its Orion network monitoring tool, addressing four security vulnerabilities. Among these, two critical flaws could be exploited by an authenticated attacker for remote code execution (RCE).

The most concerning issue involves a JSON deserialization vulnerability, allowing authenticated users to run arbitrary code through the “test alert actions” feature in the Orion Web Console, which simulates network events like unresponsive servers to trigger alerts during setup. This flaw has been classified as critical in severity.

The second vulnerability is rated high rather than critical: it allows an attacker to achieve remote code execution in the Orion Job Scheduler, but only after obtaining the credentials of an unprivileged local account on the Orion Server. SolarWinds provided limited technical details in its advisory.

Critical Remote Code Execution Vulnerability Discovered in SolarWinds Orion Platform

On March 25, 2021, SolarWinds, a provider of IT infrastructure management solutions, released an important update for its Orion network monitoring tool, addressing several security vulnerabilities. Among the fixes are two significant issues that could be exploited by authenticated attackers to achieve remote code execution (RCE), raising substantial concerns among cybersecurity experts and business owners alike.

The most pressing vulnerability stems from a JSON deserialization flaw found within the Orion Web Console’s test alert actions feature. This feature allows users to simulate network events, such as an unresponsive server, and configure alerts in response. If exploited, an authenticated user could execute arbitrary code, making it imperative for organizations to prioritize patching this critical flaw to ensure their systems remain secure.

Additionally, another high-risk vulnerability has been identified in the Orion Job Scheduler, which could enable an attacker to achieve remote code execution. According to SolarWinds’ release notes, successful exploitation of this vulnerability requires knowledge of the credentials of an unprivileged local account on the Orion Server. This additional access requirement underscores the importance of stringent credential management practices to reduce the risk of unauthorized access.

Given the nature of these vulnerabilities, they pose significant risks to organizations that rely on the Orion Platform for network monitoring. In terms of the MITRE ATT&CK framework, an attacker would combine tactics such as initial access and privilege escalation to gain a foothold on affected systems. The requirement for authenticated access raises the bar for exploitation but does not eliminate the potential for compromise, particularly if attackers can harvest credentials through other means, such as phishing or insider threats.

Organizations in the U.S. using the Orion Platform are urged to review their security postures and prioritize the implementation of the latest updates issued by SolarWinds. In an environment where cyber threats are increasingly sophisticated, understanding and addressing vulnerabilities such as these is essential for safeguarding sensitive data and maintaining operational integrity.

The advisory from SolarWinds serves as a critical reminder of the ever-evolving landscape of cybersecurity threats. Business owners must remain vigilant in their efforts to secure their IT environments against potential attacks that seek to exploit known vulnerabilities. The ongoing challenge of cybersecurity mandates a proactive approach involving regular updates, rigorous credential management, and comprehensive employee training on security best practices.

As the cybersecurity landscape continues to evolve, staying informed about potential vulnerabilities and implementing timely updates will remain vital. Organizations must not only act on the specific vulnerabilities disclosed but also foster a culture of security awareness to better defend against future threats.
