SolarWinds was the victim of a cyberattack on our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) issued Emergency Directive 21-01 regarding the SUNBURST vulnerability on December 13, 2020. CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency.
A Frequently Asked Questions (FAQ) page is available here, and we intend to update this page as we learn more information.
First, we want to assure you we’ve removed the software builds known to be affected by SUNBURST from our download sites.
We recommend taking the following steps related to your use of the SolarWinds Orion Platform:
SolarWinds asks customers with any of the below products listed as known affected for Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 as soon as possible to better ensure the security of your environment. This version is currently available at customerportal.solarwinds.com. Hotfix installation instructions are available in the 2020.2.1 HF 2 Release notes here.
SolarWinds asks customers with any of the below products listed as known affected for Orion Platform v2019.4 HF 5 to update to Orion Platform 2019.4 HF 6, which is available at customerportal.solarwinds.com. Hotfix installation instructions are available in the 2019.4 HF 6 Release Notes here.
All hotfix updates are cumulative and can be installed from any earlier version. There is no need to install previously released hotfix updates.
If you are running a version prior to or equal to Orion Platform version 2019.4 HF 4, we do not believe that your system was compromised with this vulnerability, and we are therefore not recommending any action to protect against it.
You may need to synchronize your license prior to applying the hotfix. Please follow the steps here to kick off the synchronization of your license.
If you have disabled outward communication from your Orion license, please follow the "Activate License Offline" section from here.
Once you have successfully synched your license, please run the installer to install the hotfix.
Additionally, we want you to know that, while our investigations are early and ongoing, based on our investigations to date, we are not aware that this inserted vulnerability affects other versions of Orion Platform products. Also, while we are still investigating our non-Orion products, we have not seen any evidence that they are impacted by SUNBURST.
If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfix updates you have applied, please go here.
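The version guidance above can be applied to an inventory of Orion servers with a short script. This is an added example, not SolarWinds code; it assumes versions are written in the form this advisory uses (for example `2020.2 HF 1`), and the host names and function names are constructed for illustration.

```python
import re

# Affected builds and the fixed release for each, as listed in this advisory.
# Key: (release tuple, hotfix number); hotfix 0 means "no hotfix installed".
AFFECTED = {
    ((2019, 4), 5): "2019.4 HF 6",
    ((2020, 2), 0): "2020.2.1 HF 2",
    ((2020, 2), 1): "2020.2.1 HF 2",
}
LAST_UNAFFECTED = ((2019, 4), 4)  # advisory: "prior or equal to 2019.4 HF 4"

_VERSION = re.compile(r"^\s*v?(\d+(?:\.\d+)+)(?:\s*HF\s*(\d+))?\s*$", re.I)

def parse_version(text):
    """Parse '2020.2 HF 1' into ((2020, 2), 1); raise ValueError otherwise."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognized Orion Platform version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    return release, int(m.group(2) or 0)

def triage(text):
    """Return (status, action) for one installed version string."""
    try:
        key = parse_version(text)
    except ValueError:
        return "UNPARSED", "check the installed version manually"
    if key in AFFECTED:
        return "AFFECTED", f"upgrade to {AFFECTED[key]}"
    if key <= LAST_UNAFFECTED:
        return "NOT_AFFECTED", "no action recommended by the advisory"
    # Includes the fixed releases 2019.4 HF 6 and 2020.2.1 HF 2.
    return "NOT_KNOWN_AFFECTED", "not listed as affected in the advisory"

def triage_inventory(rows):
    """rows: iterable of (host, version). Return {host: action} for affected hosts."""
    return {host: triage(ver)[1] for host, ver in rows if triage(ver)[0] == "AFFECTED"}

# Constructed sample inventory; host names are made up.
SAMPLE = [
    ("orion-01", "2020.2 HF 1"),
    ("orion-02", "2019.4 HF 4"),
    ("orion-03", "2019.4 HF 5"),
    ("orion-04", "2020.2.1 HF 2"),
]

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host}: {action}")
```

Strings that do not match the advisory's version format are reported as UNPARSED rather than silently treated as safe.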
If you cannot upgrade immediately, please follow the guidelines available here for your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is required to operate your platform.
Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.
Known affected products: Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1, including:
Application Centric Monitor (ACM), Database Performance Analyzer, Enterprise Operations Console (EOC), High Availability (HA), IP Address Manager (IPAM), Log Analyzer (LA), Network Automation Manager (NAM), Network Configuration Manager (NCM), Network Operations Manager (NOM), User Device Tracker (UDT), Network Performance Monitor (NPM), NetFlow Traffic Analyzer (NTA), Server & Application Monitor (SAM), Server Configuration Monitor (SCM), Storage Resource Monitor (SRM), Virtualization Manager (VMAN), VoIP & Network Quality Manager (VNQM), Web Performance Monitor (WPM)
*NOTE: Please note DPAIM is an integration module and is not the same as Database Performance Analyzer (DPA), which we do not believe is affected.
SolarWinds products NOT KNOWN TO BE AFFECTED by this security vulnerability:
8Man, Access Rights Manager (ARM), AppOptics, Backup Document, Backup Profiler, Backup Server, Backup Workstation, CatTools, Dameware Mini Remote Control, Dameware Patch Manager, Dameware Remote Everywhere, Dameware Remote Manager, Database Performance Analyzer (DPA), Database Performance Monitor (DPM), DNSstuff, Engineer’s Toolset, Engineer's Web Toolset, FailOver Engine, Firewall Security Monitor, Identity Monitor, ipMonitor, Kiwi CatTools, Kiwi Log Viewer, Kiwi Syslog Server, LANSurveyor, Librato, Log & Event Manager (LEM), Log and Event Manager Workstation Edition, Loggly, Mobile Admin, Network Topology Mapper (NTM), Papertrail, Patch Manager, Pingdom, Pingdom Server Monitor, Security Event Manager (SEM), Security Event Manager Workstation Edition, Server Profiler, Service Desk, Serv-U FTP Server, Serv-U Gateway, Serv-U MFT Server, Storage Manager, Storage Profiler, Threat Monitor, Virtualization Profiler, Web Help Desk, SQL Sentry, DB Sentry, V Sentry, Win Sentry, BI Sentry, SentryOne Document, SentryOne Test, Task Factory, DBA xPress, Plan Explorer, APS Sentry, DW Sentry, SQL Sentry Essentials, SentryOne Monitor, BI xPress
SolarWinds MSP Products: N-central – Probe N-central – Topology N-central – NetPath N-central NetPath – Server RMM Backup Disaster Recovery M365 Backup Backup Mail Assure SpamExperts MSP Manager PassPortal Take Control Patch Automation Manager Webprotection
SolarWinds Security Advisory page at solarwinds.com/securityadvisory.
Watch this video to hear more from SolarWinds President and CEO, Kevin B. Thompson.