- DS72 ORION SOLARWINDS ALERT UPDATE
- DS72 ORION SOLARWINDS ALERT PATCH
- DS72 ORION SOLARWINDS ALERT CODE
Private security firm FireEye has also disclosed that the attackers were able to steal their private collection of hacking tools and techniques used for security audits. The attacks have been ongoing since at least March 2020 and CISA has warned that many high-value targets within government, critical infrastructure, and the private sector have been compromised.
DS72 ORION SOLARWINDS ALERT UPDATE
These enhancements should provide further incentive to update your Orion platform to the latest release.The United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software.
AngularJS & MomentJS JavaScript browser libraries have both been upgraded to 1.8.0 and 2.29.1, respectively. The Orion DB Manager now uses user-access control (UAC) protection. Communication channel improvements for internal SolarWinds services. Further cross-site scripting prevention improvements and many related fixes. While you should apply the update just to fix the known, exploitable flaws, SolarWinds also made some further security improvements in the 2020.2.5 release: Rapid7 will update this blog post if there are any updates to the disclosed vulnerabilities without assigned CVEs or any attacker activity is discovered. This last vulnerability also requires Orion administrator account for successful exploitation. CVE-2020-35856 is a stored cross-site scripting (XSS) vulnerability also discovered by researcher Jhon Jarow and exists in the “add custom tab within customize view page”. The weakness exists in a custom menu item options page requires an Orion administrator account for successful exploitation. CVE-2021-3109 is a reverse tabnabbing and open redirect flaw discovered by researcher Jhon Jaro. This, too, has no assigned CVE but has been rated as high by SolarWinds. 
DS72 ORION SOLARWINDS ALERT CODE
The second remote code authentication weakness in the SolarWinds Orion Job Scheduler also requires authentication via non-administrative-level credentials and provides successful attackers with Administrator-level execution privileges on targeted systems.
The most critical vulnerability - an authenticated remote code execution weakness via Actions and JSON Deserialization lies within the test alert actions and has no assigned CVE identifier as of March 26, 2021. The “test alert actions” functionality is a way for Orion users to test network-level event triggers that can be set up to send alerts. While exploitation requires non-administrative-level authentication, recent history has shown that this does not seem to thwart sophisticated attackers all that much. The Rapid7 vulnerability research team is investigating the following four new flaws in the Orion platform: InsightVM and Nexpose customers can assess their exposure to these CVEs with authenticated vulnerability checks. DS72 ORION SOLARWINDS ALERT PATCH
Given the attention attackers have paid to SolarWinds Orion in the past 4+ months, Rapid7 urges affected organizations to prioritize patching within an accelerated patch window if possible, and at the very least within the 30-day window if you are following the typical 30-60-90 day patch criticality cadence. Fixes for these weaknesses are in Orion Platform 2020.2.5. On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness.
0 kommentar(er)
