Cybersecurity

SolarWinds Addresses Critical Vulnerabilities in Access Rights Manager

SolarWinds addressed critical vulnerabilities in its Access Rights Manager software, including remote code execution flaws, potentially enabling unauthorized access and system compromise, with a severity rating of 9.6 out of 10, following a history of cybersecurity incidents, including a breach by the Russian APT29 hacking group, leading to a massive supply-chain attack affecting numerous government agencies and Fortune 500 companies.

At a glance

  • SolarWinds addressed critical vulnerabilities in its Access Rights Manager software.
  • Six vulnerabilities allowed for remote code execution by malicious actors
  • RCE vulnerabilities were rated at 9.6 out of 10 in severity
  • Directory traversal flaws and authentication bypass vulnerabilities were also resolved
  • SolarWinds faced a breach by the Russian APT29 hacking group in the past

The details

SolarWinds, a leading software firm, recently addressed a series of critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities, now fixed, posed significant risks to enterprise environments.

Six of these vulnerabilities allowed for remote code execution (RCE) exploitation by malicious actors on vulnerable devices. This could have enabled unauthorized access and potential system compromise.

The severity of these RCE vulnerabilities was rated 9.6 out of 10.

In addition to the RCE vulnerabilities, SolarWinds also resolved three critical directory traversal flaws. Unauthenticated users could have exploited these flaws to carry out arbitrary file deletion and access sensitive information. Furthermore, a high-severity authentication bypass vulnerability was identified and fixed. This could have allowed unauthenticated attackers to gain domain admin privileges.

These vulnerabilities were reported through Trend Micro’s Zero Day Initiative. SolarWinds has not yet confirmed whether proof-of-concept exploits for these vulnerabilities are actively circulating in the wild.

This marks the company’s second round of patching vulnerabilities in the Access Rights Manager solution, following a previous remediation effort in February.

The cybersecurity incident involving SolarWinds is not isolated. The company had previously faced a breach by the Russian APT29 hacking group four years ago.

In that incident, Russian hackers leveraged trojanized updates to deploy the Sunburst backdoor on thousands of systems.

SolarWinds, a provider of services to 96% of Fortune 500 companies and government entities such as the U.S. Military, Pentagon, NASA, and NSA, was the center of a massive supply-chain attack.

Following the disclosure of the breach, multiple U.S. government agencies acknowledged that their networks had been compromised.

In a significant development, the U.S. government formally accused the Russian Foreign Intelligence Service (SVR) of orchestrating the 2020 SolarWinds attack in April 2021.

Subsequently, in October 2023, the U.S. Securities and Exchange Commission (SEC) took action against SolarWinds, charging the company with failing to disclose cybersecurity defense issues to investors prior to the hack.

This latest revelation underscores the far-reaching implications of cyberattacks on both private and public sector entities, highlighting the critical importance of robust cybersecurity measures and proactive threat mitigation strategies.

Article X-ray

Facts attribution

This section links each of the article’s facts back to its original source.

If you suspect false information in the article, you can use this section to investigate where it came from.

securityweek.com
– SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software
– Six of the vulnerabilities allowed attackers to gain remote code execution (RCE) on vulnerable devices
– Access Rights Manager is a tool in enterprise environments that helps admins manage and audit access rights across IT infrastructure
– The RCE vulnerabilities had severity scores of 9.6/10
– The vulnerabilities allowed attackers without privileges to perform actions on unpatched systems by executing code or commands
– The company also patched three critical directory traversal flaws that allow unauthenticated users to perform arbitrary file deletion and obtain sensitive information
– SolarWinds also fixed a high-severity authentication bypass vulnerability that can let unauthenticated malicious actors gain domain admin access
– The flaws were reported through Trend Micro’s Zero Day Initiative
– SolarWinds has not revealed whether proof-of-concept exploits for these flaws are available in the wild
– In February, SolarWinds patched five other RCE vulnerabilities in the Access Rights Manager solution
– Four years ago, SolarWinds’ internal systems were breached by the Russian APT29 hacking group
– The Russian state hackers used trojanized updates to deploy the Sunburst backdoor on thousands of systems
– SolarWinds serviced 96% of Fortune 500 companies and government organizations like the U.S. Military, Pentagon, NASA, and NSA
– After the supply-chain attack was disclosed, multiple U.S. government agencies confirmed their networks were breached
– In April 2021, the U.S. government formally accused the Russian Foreign Intelligence Service (SVR) of orchestrating the 2020 SolarWinds attack
– The U.S. Securities and Exchange Commission (SEC) charged SolarWinds in October 2023 for failing to notify investors of cybersecurity defense issues before the hack.

What's your reaction?

Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0

You may also like

Comments are closed.