Pixelette Technologies

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

 update of SolarWinds

According to a report from IT infrastructure management provider SolarWinds on Thursday, they have updated their Orion networking monitoring tool with fixes for 4 security vulnerabilities. They found two weaknesses that could enable an attack on their Remote Code Execution (RCE). The biggest among these two is the JSON deserialization flaw that can help an authenticated user to assassinate arbitrary code. This can help users in damaging network events which might trigger an alert during setup. Understandably, this sounds very critical. The second issue is rated highly risky as this can be vulnerable in a way that it can help an authenticated attacker to access Remote Code Execution (RCE). Upon this SolarWinds released an update in which they said that an attacker would need the credentials of an account on the Orion server in order to exploit this vulnerability. In addition to these two flaws, they found two more high severity flaws. Among these two new bugs, the first vulnerability was a high-severity stored cross-site scripting (XSS) which was in the add custom tab and open redirect vulnerability in the custom menu item options page. Moreover, they said that both these vulnerabilities would need the account of the Orion administrator if they are to be exploited. Not just flaws but this new update have many security improvements which include prevention from XSS attacks. These fixes didn’t come before a company in Texas found two severe security vulnerabilities which affected the Orion platform. Moreover, they said that these two vulnerabilities could have been used to achieve access to Remote Code Execution. Orion platform released an update in which they asked the Orion users to update to the new release to prevent them from the security vulnerabilities. 

Leave a Comment

Your email address will not be published. Required fields are marked *

Recent Posts


Topic(s) Of Interest

Social Share

Share this post with your friends, if you found our content interesting.

× How can we help you?