CVE-2020-10148: SolarWinds Remote Code Execution Vulnerability Alert

On December 27, 2020, SolarWinds issued a risk notice for SolarWinds code execution vulnerability, the vulnerability number is CVE-2020-10148. The vulnerability level is critical.
SolarWinds disclosed a vulnerability outside the supply chain attack. This vulnerability allows unauthorized attackers to execute arbitrary code on the affected SolarWinds system.

Vulnerability Detail

The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion Platform products. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.adxScriptResource.adxi18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.

Affected version

  • SolarWinds Orion 2020.2.1 HF 2 and 2019.4 HF 6

Unaffected version

  • 2019.4 HF 6 (released December 14, 2020)
  • 2020.2.1 HF 2 (released December 15, 2020)
  • 2019.2 SUPERNOVA Patch (released December 23, 2020)
  • 2018.4 SUPERNOVA Patch (released December 23, 2020)
  • 2018.2 SUPERNOVA Patch (released December 23, 2020)

Solution

In this regard, we recommend that users upgrade SolarWinds to the latest version in time. At the same time, please do a good job in asset self-inspection and prevention to avoid hacker attacks.