CVE-2020-10148
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
Analysis
SolarWinds Orion API contains an authentication bypass that allows unauthenticated remote attackers to execute API commands, related to the massive SUNBURST supply chain attack discovered in December 2020.
Technical Context
The CWE-288 authentication bypass allows attackers to invoke privileged Orion API commands without credentials. This vulnerability was part of the broader SUNBURST campaign where SolarWinds build systems were compromised to distribute backdoored Orion updates to 18,000+ organizations.
Affected Products
['SolarWinds Orion Platform 2019.4 HF 5', 'SolarWinds Orion Platform 2020.2 with no hotfix', 'SolarWinds Orion Platform 2020.2 HF 1']
Remediation
Update SolarWinds Orion to patched versions. Assume compromise if running affected versions during the SUNBURST campaign window (March-December 2020). Conduct thorough incident response including credential rotation and Active Directory review.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today