According to a security bulletin issued by the US CERT/CC on December 26, the SolarWinds Orion API, which all other Orion system monitoring and management products use to communicate with the platform, has a vulnerability (CVE-2020-10148) that a remote attacker can exploit. The flaw is an authentication bypass: by including specific parameters in the Request.PathInfo part of a URI sent to the API, an attacker can have the API execute commands without authenticating, and thereby compromise the SolarWinds instance. In particular, if the attacker appends a PathInfo parameter of 'WebResource.adx', 'ScriptResource.adx', 'i18n.ashx' or 'Skipi18n' to a request sent to the SolarWinds Orion server, SolarWinds sets the SkipAuthorization flag, which can cause the API request to be processed without authentication.

Last week, Microsoft disclosed a second threat actor that may have abused SolarWinds Orion software to deliver another piece of malware, SuperNova, onto target systems. SolarWinds updated its earlier security bulletin on December 24, stating that attackers can deploy malware by exploiting a vulnerability in the Orion Platform, although full details of the vulnerability have not yet been disclosed. The attacker may have used this authentication bypass in Orion as a 0-day to deploy SuperNova in the target environment.

This was also confirmed by the Palo Alto Networks Unit 42 threat intelligence team and GuidePoint Security. Both security companies describe it as a.
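The bypass described above leaves a recognisable trace in web-server logs: one of the four PathInfo indicators appended after an API handler path. The following scanner is an added example written for this page, not code from SolarWinds, CERT/CC or any of the vendors named; it assumes IIS-style W3C logs with a '#Fields:' header, assumes the Orion API is reached under the SolarWinds Information Service route '/SolarWinds/InformationService/', and also matches the '.axd' spelling that ASP.NET's real WebResource/ScriptResource handlers use, since the CERT/CC note spells them '.adx'. The log lines are constructed for illustration.

```python
from dataclasses import dataclass

# Indicators quoted from the CERT/CC note on CVE-2020-10148. The note spells the
# two ASP.NET resource handlers ".adx"; the handlers ASP.NET actually ships are
# WebResource.axd and ScriptResource.axd, so both spellings are matched here.
PATHINFO_INDICATORS = frozenset({
    "webresource.adx", "webresource.axd",
    "scriptresource.adx", "scriptresource.axd",
    "i18n.ashx", "skipi18n",
})

# Assumption: the Orion API is served under the SolarWinds Information Service
# (SWIS) REST route. An indicator on that route that returned HTTP 200 is the
# strongest sign that the unauthenticated request was actually processed.
API_PREFIXES = ("/solarwinds/informationservice/",)

# Constructed W3C/IIS-style log excerpt (not taken from any real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status c-ip
2020-12-20 10:01:02 GET /Orion/Login.aspx - 200 10.0.0.5
2020-12-20 10:01:03 GET /WebResource.axd d=abc 200 10.0.0.5
2020-12-20 10:02:10 POST /SolarWinds/InformationService/v3/Json/Query/WebResource.adx - 200 203.0.113.7
2020-12-20 10:02:11 GET /SolarWinds/InformationService/v3/Json/Query - 401 203.0.113.7
2020-12-20 10:03:00 GET /Orion/Skipi18n/Images/logo.png - 200 198.51.100.9
2020-12-20 10:03:05 POST /SolarWinds/InformationService/v3/Json/Invoke/i18n.ashx - 200 203.0.113.7
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    client_ip: str
    method: str
    uri_stem: str
    status: int
    indicator: str
    confidence: str  # "high" (API route, HTTP 200) or "review"


def pathinfo_indicator(uri_stem: str):
    """Return the indicator that appears as a path segment *after* at least one
    other segment, i.e. where it would be PathInfo appended to a handler path.
    A bare /WebResource.axd at the site root is ordinary ASP.NET traffic and is
    ignored; otherwise return None."""
    segments = [s for s in uri_stem.lower().split("/") if s]
    for idx, seg in enumerate(segments):
        if idx > 0 and seg in PATHINFO_INDICATORS:
            return seg
    return None


def scan_log(text: str):
    """Scan W3C-format log text and return a Finding for every request that
    carries a PathInfo indicator. Field positions come from the '#Fields:' header,
    so the scanner does not depend on a fixed column order."""
    findings = []
    fields = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#") or fields is None:
            continue
        parts = raw.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip rather than guess at columns
        rec = dict(zip(fields, parts))
        stem = rec["cs-uri-stem"]
        indicator = pathinfo_indicator(stem)
        if indicator is None:
            continue
        status = int(rec["sc-status"])
        on_api = stem.lower().startswith(API_PREFIXES)
        confidence = "high" if on_api and status == 200 else "review"
        findings.append(Finding(line_no, rec["c-ip"], rec["cs-method"],
                                stem, status, indicator, confidence))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.confidence:6} {f.client_ip} "
              f"{f.method} {f.uri_stem} -> {f.indicator} (HTTP {f.status})")
```

Run against the constructed excerpt, the scanner flags the two requests that append an indicator to a SWIS route and succeeded (high confidence) and the Skipi18n path outside the API route for manual review; the root-level /WebResource.axd and the 401 to the bare Query endpoint are left alone. On a real server, point it at the IIS logs for the Orion site and triage the "high" rows first.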