SolarWinds patches two critical CVEs in Orion platform
New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet
Published: 03 Feb 2021 11:00
Users of SolarWinds’ Orion networking platform – the service at the centre of the high-profile Solorigate/Sunburst attack – are once again being advised to patch their systems urgently following the disclosure of two unrelated critical vulnerabilities.
Discovered by researchers at Trustwave’s SpiderLabs unit, and assigned CVEs 2021-25274 and 2021-25275, the bugs were disclosed to SolarWinds on 30 December 2020 and confirmed in early January 2021. A patch has been available since 25 January, and proof-of-concept code is also available, although it is being held back for a bit longer to give end-user administrators more time to rectify the issues.