SolarWinds products had three serious security flaws, researchers find – By Laura Hautala (CNET) / Feb 3 2021
Now patched, the flaws could have let attackers access systems running programs made by the beleaguered software maker.
Researchers said Wednesday they’ve identified three severe but unexploited vulnerabilities in products sold by SolarWinds, a software company still reeling from the aftermath of a major hacking campaign. The newly revealed vulnerabilities have been patched and aren’t related to the March 2020 breach, which has been blamed on Russian intelligence.
Researchers at Trustwave, the cybersecurity firm that discovered the new vulnerabilities, didn’t go into technical detail about how the hackers would have exploited the flaws. Since the initial breach was discovered, hackers have likely been looking for ways to exploit SolarWinds software, which is installed on hundreds of systems run by federal, state and local government agencies, as well as private companies.
“Given the heavy focus on SolarWinds, it’s really important that people pay attention to these patch cycles,” said Karl Sigler, who heads the responsible disclosure of software flaws at Trustwave. The company will provide more details about the flaws on Feb. 9.
CONTINUE > https://www.cnet.com/news/solarwinds-products-had-three-serious-security-flaws-researchers-find/