Intrusion PreventionSolarWinds.Orion.Platform.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in SolarWinds Orion Platform.
The vulnerability is due to insufficient handling of specific path components in request-URIs. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the attacker gaining access to certain API endpoints which would normally require authentication.
Outbreak Alert
SolarWinds [signed] software containing a planted vulnerability released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.
Affected Products
SolarWinds Orion Platform 2019.2 HF 3 and prior
SolarWinds Orion Platform 2019.4 prior to HF 6
SolarWinds Orion Platform 2020.2.x prior to 2020.2.1 HF 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.solarwinds.com/securityadvisory
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-10-31 | 22.424 | Sig Added |
| 2022-10-17 | 22.414 | Sig Added |
| 2022-09-12 | 22.389 | Sig Added |
| 2022-08-03 | 21.367 | Sig Added |
| 2021-02-17 | 17.018 | Sig Added |
| 2021-02-01 | 17.008 | Default_action:pass:drop |
| 2021-01-27 | 17.006 | |
| 2021-01-21 | 17.005 | |
| 2021-01-21 | 17.004 |
| ID | 49743 |
| Created | Jan 11, 2021 |
| Updated | Oct 28, 2022 |
| Outbreak Alert | Solarwinds |
| Risk |
|
| CVE ID | CVE-2020-10148 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.31% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |