dabdine's Contributions (1)
This vulnerability was reported on 12/24, and was discovered after an investigation led to the identification of a web shell on an affected victim, claim sources. The “malware” was named SUPERNOVA, and to install it, the actor used a 0day vulnerability on the SolarWinds API. More details are available at the SolarWinds website (or really, all over the internet): https://www.solarwinds.com/securityadvisory
As of writing, the CVE details are still reserved. CVSS v3.1 calculations vary between 9.5-10 (depending on how far into the environmental characteristics you dive, but most sites peg it at 9.8).
This gist on GitHub seems to demonstrate exploitability of the issue by dumping a password database using auth bypass + arbitrary file read: