Solarwinds has issued patches for fixing the vulnerability.
#Solarwinds supernova code
The analysis includes details on how Remote Code Executi. These include Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed or with 2020.2 HF 1 including:ĭatabase Performance Analyzer Integration Module Learn more in-depth details about the Supernova exploit used to attack SolarWinds and its customers. Hence several products are affected by it. On December 13, 2020, the Cybersecurity & Infrastructure Agency (CISA) released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise. The vulnerability resides in the Orion API. The vulnerability could allow remote attackers to bypass authentication and execute remote code, which would result in a compromise of the SolarWinds instance. It consists of two components – one being an unsigned webshell.dll and the other for exploiting the vulnerability present in the Orion platform to enable the deployment of malware. NET and made specifically for usage on SolarWinds Orion servers.
![solarwinds supernova solarwinds supernova](https://pbs.twimg.com/media/EtJvqUMXYAUkO1F.png)
Moreover, if an attacker appends a PathInfoparameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the Skip Authorization flag, which then allows the API request to be processed without requiring authentication. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of the URI request, which could allow an attacker to execute unauthenticated API commands. The SolarWinds Orion API is used to interface with all SolarWinds Orion Platform products. The vulnerability can be used to deploy SUPERNOVA malware on the target environment. The vulnerability has been assigned as CVE-2020-10148. The vulnerability resides in the SolarWinds Orion API, making it vulnerable to an authentication bypass that can further lead to remote code execution. SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced it released updates in response to the SUPERNOVA malware for all supported versions of SolarWinds ® Orion ® Platform products and a fix for customers on unsupported versions of these products. SolarWinds has released an advisory on 27th December 2020 to address the vulnerability being exploited by SUPERNOVA malware.