Service Notices
SUPERNOVA Backdoor Found in SolarWinds
Dec 29, 2020 GMT+08:00
I. Overview
SolarWinds has recently released a security advisory with their response to SUPERNOVA, a publicly reported malware. SolarWinds Inc. is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. Orion, A SolarWinds product, is designed to provide monitoring and management for large enterprise-class infrastructures. Orion Platform has a vulnerability that allows attackers to deploy malicious code. Hackers have exploited this vulnerability to launch supply chain attacks.
If you are a SolarWinds user, check your system and implement timely security hardening.
References:
https://www.solarwinds.com/securityadvisory
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Affected versions:
2020.2.1 HF 2 and versions earlier than 2019.4 HF 6
Secure versions:
2019.4 HF 6
2020.2.1 HF 2
2019.2 SUPERNOVA patch
2018.4 SUPERNOVA patch
2018.2 SUPERNOVA patch
IV. Vulnerability Handling
This vulnerability has been fixed in the later official versions. In addition, security patches of earlier versions are also provided. If you are an affected user, upgrade your system as soon as possible. You can find more information at the below link.
https://www.solarwinds.com/securityadvisory
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.