Recently, SolarWinds has responded to a remote code execution vulnerability found in the SolarWinds Orion Platform. It’s a pre-authenticated vulnerability with a CVSS score of 8.8 out of 10, which is high. There is a need to fix it. This post will see how to fix CVE-2021-35244- A Remote Code Execution vulnerability in the SolarWinds Orion Platform.
Table of Contents
Solarwinds Orion Platform:
The SolarWinds Orion Platform is a robust, scalable infrastructure monitoring and management platform designed to simplify the IT administration for hybrid, software as a service (SaaS), and hybrid environments in one place. With the SolarWinds Orion Platform, there is no need to struggle with various incompatible point monitoring products. It consolidates the entire suite of monitoring capabilities into single platforms with cross-stack integrated functionality.
Summary Of The CVE-2021-35244:
The flaw exists because applications do not follow security restrictions properly. A remote user with Orion alert management privileges can leverage this vulnerability for performing an unrestricted file upload that causes a remote code execution
SolarWind Says, “The ‘Log alert to a file’ action inside the action management enables Orion Platform users with Orion alert management rights to write to a file. An attacker with Orion alert management privileges could use this vulnerability to perform an unrestricted file upload that can cause remote code execution.”
| Associated CVE ID | CVE-2021-35244 |
| Description | A Remote Code Execution Vulnerability in SolarWinds Orion Platform |
| Associated ZDI ID | ZDI-CAN-13664 |
| CVSS Score | 8.8 High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
Version Affected By CVE-2021-35244- A Remote Code Execution
The Orion Platform from v2020.2.6 to v2020.2.6 HF2 are affected by the CVE-2021-35244 vulnerability.
Known Affected Software Configurations are:
- cpe:2.3:a:solarwinds:orion_platform
- cpe:2.3:a:solarwinds:orion_platform:2020.2.6
- cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1
- cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2
How To Fix CVE-2021-35244- A remote Code Execution Vulnerability?
The vulnerability is known to affect confidentiality, integrity, and availability. We recommend to install the hotfix released by SolarWinds to fix the CVE-2021-35244 vulnerability. Follow the steps to install the hotfix.
How to Install the HotFix on the SolarWinds Orion Platform?
It is possible to install HotFix in both online and offline environments. You should have an admin login of the SolarWinds Orion server and SolarWinds customer portal.
- Log in to the server hosting SolarWinds Orion
Use an administrator account for logging into the server hosting SolarWinds Orion installation.
- Log in to the Customer Portal
Access the SolarWinds Customer Portal at https://customerportal.solarwinds.com/. Please click here if you haven’t registered yet.
- Download and Install the HotFix Installer
Click Downloads > Download Product. Ensure you selected the correct product and license tier to download the correct Online Installation file.
To install the hotfix on an Orion Platform server with Internet access. Select the product and license tier and download the Online Installation file. The Orion Installer downloads and installs the hotfix for you.
To install the hotfix on an Orion Platform server in the offline environment. Download the Hotfix Bundle for Products with Orion 2020.2.6, execute the installation file, and follow the installation wizard’s instructions.
After applying the fix, the issue should no longer occur. For more information, visit the Orion Platform 2020.2.6 Hotfix 3 guid
We hope this post will help you know How to Fix CVE-2021-35244- A Remote Code Execution Vulnerability in SolarWinds Orion Platform. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page in Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270156.html