SolarWinds Releases Updates to Address Vulnerability Exploited by SUPERNOVA Malware

SolarWinds released an advisory on 27th December 2020 to address the vulnerability being exploited by the SUPERNOVA malware. The vulnerability resides in the SolarWinds Orion API and allows an authentication bypass that can further lead to remote code execution. It has been assigned CVE-2020-10148. The vulnerability can be used to deploy SUPERNOVA malware in the target environment.


CVE-2020-10148 details

The SolarWinds Orion API is used to interface with all SolarWinds Orion Platform products. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of the URI request, which could allow an attacker to execute unauthenticated API commands. Specifically, if an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the Skip Authorization flag, which then allows the API request to be processed without requiring authentication.
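As an added example (not from the advisory or from SolarWinds), the following detection logic scans constructed IIS-style access log lines for API requests whose trailing path segment carries one of the markers named above while the request was served anonymously. The log field layout and the API route prefix are assumptions for this example and must be adjusted to the real server configuration.

```python
from typing import Dict, Iterable, List, Optional

# Markers named in the SolarWinds advisory: when one of these appears in the
# PathInfo portion of an Orion API request, the Skip Authorization flag may be
# set and the request is processed without authentication.
SKIP_AUTH_MARKERS = ("webresource.adx", "scriptresource.adx", "i18n.ashx", "skipi18n")

# Assumption: route prefixes under which the Orion API handlers are mounted.
# These are placeholders for this example, not real Orion paths.
API_PREFIXES = ("/solarwinds/api/",)

# Assumed W3C-style IIS field order for the constructed sample log below.
FIELDS = ["date", "time", "c_ip", "method", "uri_stem", "uri_query", "username", "status"]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into named fields; skip comments and malformed lines."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None


def has_skip_auth_marker(uri_stem: str) -> bool:
    """True only when a marker sits *after* an API prefix, i.e. as PathInfo on an
    API handler, not when it is the genuine ASP.NET resource handler itself."""
    stem = uri_stem.lower()
    for prefix in API_PREFIXES:
        if stem.startswith(prefix):
            tail = stem[len(prefix):]
            return any(marker in tail for marker in SKIP_AUTH_MARKERS)
    return False


def find_suspicious(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return parsed records for API requests carrying a skip-auth marker."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and has_skip_auth_marker(rec["uri_stem"]):
            rec["anonymous"] = rec["username"] == "-"  # "-" is IIS for no user
            hits.append(rec)
    return hits


# Constructed sample log: line 1 is a legitimate resource request (not flagged),
# line 2 is an authenticated API call, lines 3 and 4 carry markers as PathInfo.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query cs-username sc-status
2020-12-28 10:00:01 10.0.0.5 GET /Orion/WebResource.adx d=abc - 200
2020-12-28 10:00:02 10.0.0.5 GET /SolarWinds/api/query - ADMIN 200
2020-12-28 10:00:03 203.0.113.7 POST /SolarWinds/api/query/WebResource.adx - - 200
2020-12-28 10:00:04 203.0.113.7 POST /SolarWinds/api/invoke/Skipi18n - - 200
"""

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print(hit["c_ip"], hit["uri_stem"], "anonymous" if hit["anonymous"] else "")
```

Requests that match and were served without a username are the ones to investigate first; a matching request with a valid user may be a false positive worth tuning out.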


SUPERNOVA

SUPERNOVA is written in .NET and made specifically for use on SolarWinds Orion servers. It is deployed as a DLL module. It consists of two components – an unsigned webshell.dll, and a component that exploits the vulnerability in the Orion platform to enable the deployment of the malware.


Impact

The vulnerability could allow remote attackers to bypass authentication and execute remote code, which would result in a compromise of the SolarWinds instance.


Affected platforms

The vulnerability resides in the Orion API, so every product built on the Orion Platform is affected. The affected versions are Orion Platform 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which cover the following products:
Application Centric Monitor
Database Performance Analyzer Integration Module
Enterprise Operations Console
High Availability
IP Address Manager
Log Analyzer
Network Automation Manager
Network Configuration Manager
Network Operations Manager
User Device Tracker
Network Performance Monitor
NetFlow Traffic Analyzer
Server & Application Monitor
Server Configuration Monitor
Storage Resource Monitor
Virtualization Manager
VoIP & Network Quality Manager
Web Performance Monitor (WPM)


Solution

SolarWinds has issued patches that fix the vulnerability. SanerNow detects the vulnerability (CVE-2020-10148).
