
SolarWinds Patches Critical Code Execution Bug In Orion Platform


SolarWinds has released security updates to address four vulnerabilities impacting the company’s Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely.

The Orion Platform is an IT administration solution that enables enterprise organizations to manage, optimize, and monitor their on-premises, hybrid, or software as a service (SaaS) IT infrastructures.

Patches for critical and high severity vulnerabilities

The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager’s test alert actions.

Luckily, although SolarWinds rates this vulnerability as critical, only authenticated users can successfully exploit it.

SolarWinds also addressed a second RCE vulnerability, rated as high severity, in the SolarWinds Orion Job Scheduler. Attackers could use it to execute arbitrary code remotely as an Administrator.

However, this flaw also requires the attackers to know an unprivileged local account’s credentials on the targeted Orion Server.


The two vulnerabilities, reported through Trend Micro’s Zero Day Initiative, haven’t yet been assigned CVE ID numbers.

| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| Pending | RCE via Actions and JSON Deserialization | A remote code execution vulnerability has been found via the test alert actions. An Orion authenticated user is required to exploit this. | Critical | ZDI Trend Micro |
| Pending | SolarWinds Orion Job Scheduler RCE | The vulnerability can be used to achieve authenticated RCE as Administrator. In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server. | High | Harrison Neal, ZDI Trend Micro |
| CVE-2020-35856 | Stored XSS in Customize view | A stored XSS vulnerability was found in the add custom tab within customize view page by a security researcher. This vulnerability requires an Orion administrator account to exploit this. | High | Jhon Jaro |
| CVE-2021-3109 | Reverse Tabnabbing and Open Redirect | A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher. This vulnerability requires an Orion administrator account to exploit this. | Medium | Jhon Jaro |

Orion Platform security improvements

SolarWinds has also included several security improvements in this new Orion Platform release, including:

  • Orion XSS prevention improvements and related fixes
  • Communication channel improvements for internal SolarWinds services
  • DB Manager UAC protection
  • AngularJS upgraded to 1.8.0
  • Moment.JS upgraded to 2.29.1

Administrators can deploy the security updates and the additional security improvements by installing the Orion Platform 2020.2.5 release.

“If you are upgrading from Orion Platform 2015.1.3 or later, use the SolarWinds Orion Installer to simultaneously upgrade your entire Orion deployment (all Orion Platform products and any scalability engines) to the current versions,” SolarWinds explained.

Admins upgrading from an Orion Platform 2019.2 installation don’t need to download the Orion Installer first. They can also upgrade the entire Orion deployment by going to the My Orion Deployment page and navigating to Settings > My Orion Deployment > Updates & Evaluations.

SolarWinds patched three other critical vulnerabilities last month, one of them allowing remote unauthenticated threat actors to take over Orion servers.

Privacy Ninja
