Cybersecurity researchers on Wednesday uncovered three serious vulnerabilities in SolarWinds products, the most serious of which could be exploited to achieve remote code execution with elevated privileges.
Two of the bugs (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion platform, while a third separate vulnerability (CVE-2021-25276) was found in the company’s Serv-U-FTP server for Windows has been. said cybersecurity firm Trustwave in technical analysis.
None of the three security issues were exploited in the unprecedented supply chain attack against the Orion platform that became known last December.
The two vulnerabilities in Orion and Serv-U FTP were reported to SolarWinds on December 30, 2020 and January 4, 2021, respectively, after which the company resolved the issues on January 22nd and 25th.
It is highly recommended that users install the latest versions of Orion Platform and Serv-U FTP (15.2.2 Hotfix 1) to …