SolarWinds Orion API Authentication Bypass Vulnerability

According to a document published by the CERT Coordination Center, the SolarWinds Orion API, which is used to interface with all other Orion system monitoring and management systems, allows attackers to run commands without authentication.

The API's authentication can be bypassed by including special parameters in the Request.PathInfo portion of a URI request. As a result, an attacker can execute API commands on the system without authenticating.
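As an added example (not from CERT/CC or SolarWinds): a triage heuristic for IIS W3C logs that flags anonymous requests which succeeded while carrying trailing path data after an ASP.NET handler, the part of the URI that becomes Request.PathInfo. The handler extension list, the sample paths and the log lines are constructed assumptions; hits are leads to review, not confirmation of exploitation.

```python
import re

# Assumption: common ASP.NET handler extensions. Whatever follows such a
# segment in the URI stem is what ASP.NET exposes as Request.PathInfo.
HANDLER = re.compile(
    r"^(?P<script>.*?\.(?:aspx|ashx|asmx|axd|svc))(?P<pathinfo>/.+)$", re.I)

def find_anonymous_pathinfo(lines):
    """Return (line_no, uri_stem, path_info) for anonymous 2xx requests with PathInfo."""
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # IIS can re-emit this header mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # truncated or malformed record
        rec = dict(zip(fields, values))
        m = HANDLER.match(rec.get("cs-uri-stem", ""))
        # If cs-username is not logged, treat the request as anonymous.
        anonymous = rec.get("cs-username", "-") == "-"
        succeeded = rec.get("sc-status", "").startswith("2")
        if m and anonymous and succeeded:
            hits.append((no, rec["cs-uri-stem"], m.group("pathinfo")))
    return hits

# Constructed sample log: paths, users and addresses are illustrative only.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2020-12-20 10:00:01 GET /Orion/Login.aspx - - 198.51.100.7 200
2020-12-20 10:00:05 GET /Orion/Example.aspx/EXTRA-SEGMENT - - 198.51.100.7 200
2020-12-20 10:00:09 GET /Orion/Example.aspx/EXTRA-SEGMENT - admin 10.0.0.5 200
2020-12-20 10:00:12 POST /Orion/Other.ashx/EXTRA-SEGMENT - - 198.51.100.7 401
""".splitlines()

if __name__ == "__main__":
    for no, stem, path_info in find_anonymous_pathinfo(SAMPLE_LOG):
        print(f"line {no}: anonymous 2xx request, PathInfo={path_info!r}, stem={stem}")
```
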

The vulnerability may also have been used to install and spread the malware known as SUPERNOVA, details of which were previously published by Microsoft.

AFFECTED SYSTEMS

  • Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed
  • Orion Platform version 2020.2 HF 1

SOLUTION/RECOMMENDATION

It is recommended to install the updates listed below.

  • 2019.4 HF 6 (December 14, 2020)
  • 2020.2.1 HF 2 (December 15, 2020)
  • 2019.2 SUPERNOVA Patch (December 23, 2020)
  • 2018.4 SUPERNOVA Patch (December 23, 2020)
  • 2018.2 SUPERNOVA Patch (December 23, 2020)

Users who have already applied the 2020.2.1 HF 2 and 2019.4 HF 6 updates are informed that both the SUNBURST and SUPERNOVA vulnerabilities have been eliminated and that no further action is required.

CVE / CWE

CVE-2020-10148
