State-sponsored hackers have a taste for SolarWinds?

Another group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday.

Unlike the alleged Russian attackers who inserted malware directly into the company’s Orion network monitoring platform by compromising its build environment, another group has simply found and exploited a vulnerability in the software.

According to Reuters’ sources, among their targets was the National Finance Center (NFC), a federal agency that’s part of the U.S. Department of Agriculture (USDA) and handles payroll for a number of U.S. federal agencies, including the DHS, the FBI and the State Department. But, according to a USDA spokesman, the NFC has ultimately not been hacked.

SolarWinds confirmed that one unnamed customer was compromised by a second group of attackers, but that the vulnerability in its Orion platform was only exploited once the attackers had already gained access to that customer’s network by other means. They’ve also said that they patched this specific vulnerability in December 2020.

One of the interviewed sources said that the hackers behind this attack used computer infrastructure and hacking tools previously leveraged by state-backed Chinese hackers.

Additional flaws in SolarWinds products discovered, patched

In the wake of this recent revelation comes the disclosure of three vulnerabilities found by Trustwave security research manager Martin Rakhmanov in several SolarWinds products:

CVE-2021-25274, affecting SolarWinds Orion, can be exploited by unprivileged users to achieve remote code execution.
CVE-2021-25275, affecting SolarWinds Orion, can be exploited by unprivileged users who can log in to the box locally or via RDP to discover the credentials needed to access the backend database.
CVE-2021-25276, affecting SolarWinds Serv-U FTP for Windows, can be exploited by authenticated users to add an admin account and use it to read, write to or delete any file on the system.