Over the past week, CISA, CERT and SolarWinds have released security advisories regarding the cyberattack on SolarWinds systems, which resulted in the SUNBURST vulnerability. This vulnerability could allow an attacker to compromise SolarWinds clients' servers.
The SUNBURST vulnerability affects the SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 (with no hotfix installed), or 2020.2 HF 1. This would include:
- Application Centric Monitor (ACM)
- Database Performance Analyzer (DPA)
- Enterprise Operations Console (EOC)
- High Availability (HA)
- IP Address Manager (IPAM)
- Log Analyzer (LA)
- Network Automation Manager (NAM)
- Network Configuration Manager (NCM)
- Network Operations Manager (NOM)
- User Device Tracker (UDT)
- Network Performance Monitor (NPM)
- NetFlow Traffic Analyzer (NTA)
- Server & Application Monitor (SAM)
- Server Configuration Monitor (SCM)
- Storage Resource Monitor (SRM)
- Virtualization Manager (VMAN)
- VoIP & Network Quality Manager (VNQM)
- Web Performance Monitor (WPM)
If the SolarWinds Orion Platform is being used in your organization, you will need to upgrade as soon as possible. The upgrade target depends on your current version:
- Orion Platform v2020.2 or 2020.2 HF 1 should upgrade to Orion Platform v2020.2.1 HF 2
- Orion Platform v2019.4 HF 5 should upgrade to Orion Platform 2019.4 HF 6
- Orion Platform 2019.4 HF 4 or prior versions are believed not to have been affected
If you are unable to upgrade immediately, SolarWinds has guidelines for securing your Orion Platform deployment. Mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is required to operate your platform.
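To apply the version rules listed above across many servers, the following added example (not SolarWinds or CISA code) triages an inventory of Orion Platform version strings. The `host,version` inventory format, the hostnames and the status labels are assumptions made for illustration; the version rules come only from the text above.

```python
import re

# Accepts "2020.2", "v2020.2.1 HF 2", "2019.4 HF5" and similar spellings.
_VERSION = re.compile(r"(?<![\d.])(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?", re.I)

# Rules from the advisory text: ((year, minor, patch), hotfix) -> upgrade target.
AFFECTED = {
    ((2019, 4, 0), 5): "2019.4 HF 6",
    ((2020, 2, 0), 0): "2020.2.1 HF 2",  # 2020.2 with no hotfix installed
    ((2020, 2, 0), 1): "2020.2.1 HF 2",
}
UPGRADE_TARGETS = {((2019, 4, 0), 6), ((2020, 2, 1), 2)}
LAST_UNAFFECTED = ((2019, 4, 0), 4)  # "2019.4 HF 4 or prior versions"

def parse_version(text):
    """Return ((year, minor, patch), hotfix), or None if no version is found."""
    m = _VERSION.search(text)
    if m is None:
        return None
    year, minor, patch, hotfix = (int(g) if g else 0 for g in m.groups())
    return (year, minor, patch), hotfix

def triage(version_text):
    """Classify one version string as (status, upgrade_target_or_None)."""
    key = parse_version(version_text)
    if key is None:
        return "unparsed", None
    if key in AFFECTED:
        return "affected", AFFECTED[key]
    if key in UPGRADE_TARGETS:
        return "upgrade-target", None
    if key <= LAST_UNAFFECTED:
        return "believed-unaffected", None
    return "not-listed", None  # the text above says nothing about this version

# Constructed sample inventory (hostnames and layout are assumptions).
SAMPLE_INVENTORY = """\
nms-east,Orion Platform v2020.2
nms-west,2020.2 HF1
nms-lab,2019.4 HF 5
nms-dr,2019.2 HF 3
nms-new,2020.2.1 HF 2
nms-odd,unknown
"""

def triage_inventory(text):
    """Return one (host, status, target) tuple per "host,version" line."""
    pairs = (line.partition(",") for line in text.splitlines())
    return [(host, *triage(version)) for host, _, version in pairs]
```

Versions that come back as `not-listed` or `unparsed` need a manual check against the vendor advisory rather than being assumed safe.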