Solarwinds Orion Platform Has New Code Execution Flaws

Orion Platform

Solarwinds has released a major security update that fixes at least four known security holes, including two bugs that could be used to initiate remote code execution attacks.

The patches were released on Thursday as part of a minor security update to Solarwinds’ Orion Platform, which was used in recent nation-state software supply chain attacks.

At least four security vulnerabilities are addressed in the new Orion Platform 2020.2.5, one of which is graded “serious” due to the possibility of remote code execution attacks. The organisation did not provide technical information about the vulnerability, which has yet to be assigned a CVE.

The vulnerability was dubbed “RCE via Actions and JSON Deserialization” by Solarwinds. The critical bug was discovered through test warning actions, according to the company, and an Orion authenticated user is needed to successfully launch an exploit.

A second error, graded “high-risk,” poses a risk of remote code execution, according to Solarwinds. “The bug can be exploited to execute authenticated RCE as Administrator. An attacker must first know the passwords of an unprivileged local account on the Orion Server in order to exploit this.”

A “high-risk” stored-XSS vulnerability and a medium-severity problem that could lead to reverse-tabnabbing and open redirect attacks are also discussed in the update.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.