Note: this article covers a current event that is still evolving. We encourage customers to revisit it as we update the article while things continue to change.
Recently, the world received notice of a far-reaching intrusion campaign, potentially affecting thousands of companies and organizations, some of which are government organizations. The malicious code, referred to as "SUNBURST", is designed to heavily obfuscate its presence (a Trojan horse) to allow lateral movement further into the infrastructure and the gathering of data to be transferred to third parties. Such a breach has far-reaching consequences, requiring quick action and a sophisticated response to ensure that breached networks and systems become secure once again.
More details will surface in the weeks and months ahead, but so far we know that certain updates of the SolarWinds Orion Platform, which is the current base for many further products like the SolarWinds Network Performance Monitor, had been tainted to distribute a back door through a certain library. This library is usually an inconspicuous plugin used in the Orion Platform product; in this case, however, it carried a malicious payload introduced through a so-called supply-chain attack.
Various teams across different Flexera solutions, namely Data Platform (DP) and Software Vulnerability Management (SVM), have been working overtime to ensure that our customers get immediate visibility on the impact of this and other vulnerabilities.
As of December 16, 2020, customers can expect to see:
In the future, customers can expect to see:
IT Visibility customers can expect to see any detected installations of impacted SolarWinds products and/or releases in their inventory, providing the evidence already exists in our recognition library. Any net new evidence may still need to go through the gap-fill process.
The capability to show the vulnerability information, however, is not currently available in IT Visibility. This is something that we’re actively working on to make available in the first half of 2021.
As with IT Visibility, FNMS customers can also expect to see SolarWinds applications that are potentially impacted by this attack. Because application granularity in FNMS is captured only at the major.minor version, further investigation may be needed to identify the subset of installations in their inventory with the exact build and/or patch levels.
As of December 16, 2020, SVR customers can expect to see:
In the future, SVM customers can expect to see:
List of impacted SolarWinds products and/or releases:
List of associated Secunia Advisories:
List of available, impacted CPEs:
List of associated CVEs:
(Will be updated as soon as we receive data from trusted resources. Please check back for any future updates.)