Author: Melodie Foster
Date: 3rd February 2021
Researchers have disclosed three severe vulnerabilities affecting SolarWinds products, one of which could have led to remote code execution (RCE) with elevated privileges. Two flaws were identified in the SolarWinds Orion Platform, while a third was found in the company’s Serv-U FTP server for Windows.
The most severe vulnerability stems from improper use of Microsoft Message Queuing (MSMQ), which allows unauthenticated users to send messages to the queues over TCP port 1801. An attacker could eventually achieve RCE by chaining this with a separate deserialization issue in the code that handles incoming messages.
The second vulnerability stems from the credentials of the backend database being stored insecurely, which can result in a local, unprivileged user taking complete control of the database. The attacker could then steal information or add new admin-level users that can be used inside SolarWinds Orion products.
The final flaw could allow an authenticated user to drop a file that defines a new admin user. An attacker could then log in via FTP as the new admin user and read and replace any file on the drive.
Although none of these three flaws has been exploited, upgrading to Orion Platform version 2020.2.4 and Serv-U FTP 15.2.2 Hotfix 1 is still recommended to mitigate the risks.