Zero-day vulnerability in

Embedded malicious code (backdoor)

State-backed hackers are targeting government entities and private businesses all over the world in a global supply chain attack, in which they deploy a malicious SolarWinds update to compromise networks, according to a new report from the cybersecurity firm FireEye.

Known malware:

Behavior:Win32/Solorigate.C!dha

Vulnerability details

Advisory: SB2020121409 - Backdoor in SolarWinds Orion Platform

Vulnerable component:

CVE-ID:

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-506 - Embedded Malicious Code

Description:

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

According to SolarWinds, Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1 are affected.

Note, this vulnerability is being actively exploited in the wild in a supply chain attack and is dubbed SUNBURST.