SolarWinds Orion API Authentication Bypass Vulnerability

Description

SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This attack was very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention.

Outbreak Alert

SolarWinds [signed] software containing a planted vulnerability released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.

View the full Outbreak Alert Report

Affected Applications

Solarwinds Orion

CVE References

Other References