Beleaguered SolarWinds hit with fresh vulnerabilities

Three severe flaws across Orion and Serv-U FTP can be exploited to launch remote code execution attacks and steal data

Researchers have discovered three new vulnerabilities embedded in SolarWinds products, including two in the Orion Platform that was at the heart of one of the largest-scale hacks in modern history.

They concern two flaws in the Orion Platform, which hackers previously exploited in last year’s infamous supply chain attack, as well as one bug in Serv-U FTP for Windows, a file transfer protocol (FTP) server and client software.

Although these flaws haven’t been exploited in the recent SolarWinds attacks, nor in any attacks in the wild so far, researchers with Trustwave SpiderLabs have deemed them to be severe bugs that demand urgent patching.

“The patches for the three severe vulnerabilities that Trustwave discovered were issued in January,” said senior security research manager with Trustwave SpiderLabs, Karl Sigler.

“This latest development re-emphasizes the need for thorough security testing for complex software platforms and shows what could have happened if Trustwave had not discovered the three identified severe vulnerabilities before the bad actors did.”

The first Orion vulnerability, tracked as CVE-2021-25275, can be exploited by hackers either to steal information from a corporate network or to add admin-level users to the platform.

The flaw centres on the insecure manner in which credentials are stored, which could allow any local user, regardless of privilege level, to take complete control of the SolarWinds Orion database.

The second flaw, tagged CVE-2021-25274, centres on the improper use of Microsoft Message Queuing (MSMQ) and is considered the most severe.

This can allow remote unprivileged users to execute arbitrary code as if they had the highest privileges. 

Finally, CVE-2021-25276 is a vulnerability in Serv-U FTP for Windows that can allow any user, regardless of privilege, to create a file that can define a new Serv-U FTP admin account with access to the C:\ drive.

Successful exploitation could lead to the attacker using the newly-created account to log in through FTP and read or replace any file on the C:\ drive.

SolarWinds has issued fixes for these vulnerabilities with ‘Orion Platform 2020.2.4’ and ‘ServU-FTP 15.2.2 Hotfix 1 Patch’. Trustwave has purposely excluded proof of concept (PoC) details from its blog post to give SolarWinds users more time to patch.

While there’s currently no evidence these flaws have been exploited, their disclosure is certain to raise alarm bells among SolarWinds customers who are still reeling from the devastating effects of the 2020 hack.

In what was considered one of the scariest horror stories of last year, it was revealed in December that hackers had infiltrated a litany of organisations by exploiting flaws in the SolarWinds Orion Platform. 

An ongoing investigation has since found that hackers may have had access to the firm’s internal systems since September 2019, well over a year before SolarWinds confirmed it had fallen victim to the attack.
