State-backed hackers are targeting government entities and private businesses all over the world in a global supply chain attack, in which they deploy a malicious SolarWinds update to compromise networks, according to a new report from the cybersecurity firm FireEye.
Behavior:Win32/Solorigate.C!dha
Vulnerability details
Advisory: SB2020121409 - Backdoor in SolarWinds Orion Platform
Vulnerable component:
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-506 - Embedded Malicious Code
Description:
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.
According to SolarWinds, Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1 are affected.
Note, this vulnerability is being actively exploited in the wild in a supply chain attack and is dubbed SUNBURST.