Cybersecurity specialists reported the finding of a critical vulnerability in Orion Platform, the IT performance monitoring solution developed by tech company SolarWinds. According to the report, successful exploitation of this flaw would allow malicious hackers to install a backdoor in affected implementations.
The flaw has been already exploited in the wild though a supply chain attack, so the experts recommend read carefully any detail related to this finding.
The experts stated that the vulnerability exists due to presence of embedded malicious functionality in the application code, also known as backdoor, that allows remote malicious hackers to gain unauthorized access to the vulnerable application. A similar attack could have been related to the incident affecting cybersecurity company FireEye during last week.
The flaw received a 9.4/10 score according to the Common Vulnerability Scoring System (CVSS). So far there is no CVE tracking key associated to the report.
Below are the vulnerable versions of the Orion Platform software:
- 2019.4 HF 5
- 2020.2 HF 1
The experts confirmed this vulnerability can be exploited remotely by non-authenticated threat actors; all the attackers need to do is send a specially crafted request to the compromised system. As mentioned above, there are multiple active exploitation cases detected.
To fully mitigate risk exploitation, users of affected implementations must install official updates as soon as possible. Further details about the mitigation process can be found at SolarWind official platforms.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.