SolarWinds.Orion.Platform.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in SolarWinds Orion Platform.
The vulnerability is due to insufficient handling of specific path components in request-URIs. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the attacker gaining access to certain API endpoints which would normally require authentication.
Outbreak Alert
SolarWinds [signed] software containing a planted vulnerability released in March 2020 as a regular (trusted) software patch. The backdoor was not discovered until the FireEye breach became public 9 months later.
Affected Products
SolarWinds Orion Platform 2019.2 HF 3 and prior
SolarWinds Orion Platform 2019.4 prior to HF 6
SolarWinds Orion Platform 2020.2.x prior to 2020.2.1 HF 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.solarwinds.com/securityadvisory
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2022-10-31 | 22.424 | Sig Added |
2022-10-17 | 22.414 | Sig Added |
2022-09-12 | 22.389 | Sig Added |
2022-08-03 | 21.367 | Sig Added |
2021-02-17 | 17.018 | Sig Added |
2021-02-01 | 17.008 | Default_action:pass:drop |
2021-01-27 | 17.006 | |
2021-01-21 | 17.005 | |
2021-01-21 | 17.004 |