SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

SolarWinds Orion platform

The by-now infamous company has issued patches for three security vulnerabilities in total.

Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges.

The SolarWinds Orion platform is the network management tool at the heart of the recent espionage attack against several U.S. government agencies, tech companies and other high-profile targets. It allows users to manage devices, software and firmware versioning, applications and so on, and has full visibility into enterprise customer networks.

These fresh vulnerabilities have not been shown to be used in the spy attack, but admins should nonetheless apply patches as soon as possible, according to Martin Rakhmanov, security research manager for SpiderLabs at Trustwave.

Trustwave is not providing specific proof-of-concept (PoC) code until Feb. 9, in order to give SolarWinds users a longer time to patch, he noted in a Wednesday blog posting.