SolarWinds was the victim of a cyberattack on our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.

The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) issued Emergency Directive 21-01 regarding the SUNBURST vulnerability on December 13, 2020. CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency.

A Frequently Asked Questions (FAQ) page is available here, and we intend to update this page as we learn more information.

First, we want to assure you we’ve removed the software builds known to be affected by SUNBURST from our download sites. 

We recommend taking the following steps related to your use of the SolarWinds Orion Platform:

SolarWinds asks customers with any of the below products listed as known affected for Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 as soon as possible to better ensure the security of your environment. This version is currently available at customerportal.solarwinds.com. Hotfix installation instructions are available in the 2020.2.1 HF 2 Release notes here.

SolarWinds asks customers with any of the below products listed as known affected for Orion Platform v2019.4 HF 5 to update to Orion Platform 2019.4 HF 6, which is available at customerportal.solarwinds.com. Hotfix installation instructions are available in the 2019.4 HF 6 Release Notes here.

All hotfix updates are cumulative and can be installed from any earlier version. There is no need to install previously released hotfix updates.

If you are running a version prior to or equal to Orion Platform version 2019.4 HF 4, we do not believe that your system was compromised with this vulnerability, and therefore we are not recommending any action to protect against this vulnerability.

You may need to synchronize your license prior to applying the hotfix. Please follow the steps here to kick off the synchronization of your license.

If you have disabled outward communication from your Orion license, please follow the "Activate License Offline" section from here.

Once you have successfully synched your license, please run the installer to install the hotfix.

Additionally, we want you to know that, while our investigations are early and ongoing, based on our investigations to date, we are not aware that this inserted vulnerability affects other versions of Orion Platform products. Also, while we are still investigating our non-Orion products, we have not seen any evidence that they are impacted by SUNBURST.

If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfix updates you have applied, please go here.
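
As an added illustration (not SolarWinds code), the version guidance in this advisory can be applied to an inventory of recorded Orion Platform versions. The version-string format, the function names and the sample host names are assumptions made for the example.

```python
import re

# Version rules transcribed from the advisory text above.
# Key: (year, release, service release, hotfix) -> fixed build to install.
AFFECTED = {
    (2019, 4, 0, 5): "2019.4 HF 6",
    (2020, 2, 0, 0): "2020.2.1 HF 2",  # 2020.2 with no hotfix installed
    (2020, 2, 0, 1): "2020.2.1 HF 2",
}
# Builds at or below this one need no action according to the advisory.
NO_ACTION_CEILING = (2019, 4, 0, 4)

# Assumed input format: "2020.2", "2020.2 HF 1", "v2019.4 HF 5", "2020.2.1 HF 2".
_VERSION = re.compile(
    r"^\s*(?:Orion\s+Platform\s+)?v?(\d{4})\.(\d+)(?:\.(\d+))?"
    r"(?:\s*(?:HF|hotfix)\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Turn '2020.2 HF 1' into (2020, 2, 0, 1); raise ValueError if unparseable."""
    match = _VERSION.match(text)
    if match is None:
        raise ValueError(f"unrecognised Orion Platform version: {text!r}")
    # Missing service release or hotfix fields count as 0.
    return tuple(int(part or 0) for part in match.groups())

def triage(text):
    """Return (status, action) for one Orion Platform version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return ("unparsed", "check the installed version manually")
    if version in AFFECTED:
        return ("affected", f"upgrade to Orion Platform {AFFECTED[version]}")
    if version <= NO_ACTION_CEILING:
        return ("older", "no action recommended by the advisory")
    return ("other", "not listed as affected in the advisory")

def hosts_to_upgrade(inventory):
    """Sorted host names whose recorded version is a known-affected build."""
    return sorted(h for h, v in inventory.items() if triage(v)[0] == "affected")

# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE_INVENTORY = {
    "orion-prod-01": "2020.2 HF 1",
    "orion-lab-02": "2019.4 HF 4",
    "orion-dr-03": "Orion Platform v2019.4 HF 5",
    "orion-new-04": "2020.2.1 HF 2",
}
```

The recorded value must be the Orion Platform version, not the version of an individual product module; entries reported as `unparsed` need a manual check.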

If you cannot upgrade immediately, please follow the guidelines available here for your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is required to operate your platform.

Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.

Known affected products: Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1, including:

Application Centric Monitor (ACM)

Database Performance Analyzer Integration Module* (DPAIM*)

Enterprise Operations Console (EOC)

High Availability (HA)

IP Address Manager (IPAM)

Log Analyzer (LA)

Network Automation Manager (NAM)

Network Configuration Manager (NCM)

Network Operations Manager (NOM)

User Device Tracker (UDT)

Network Performance Monitor (NPM)

NetFlow Traffic Analyzer (NTA)

Server & Application Monitor (SAM)

Server Configuration Monitor (SCM)

Storage Resource Monitor (SRM)

Virtualization Manager (VMAN)

VoIP & Network Quality Manager (VNQM)

Web Performance Monitor (WPM)

 

*NOTE: DPAIM is an integration module and is not the same as Database Performance Analyzer (DPA), which we do not believe is affected.

SolarWinds products NOT KNOWN TO BE AFFECTED by this security vulnerability:

8Man

Access Rights Manager (ARM)

AppOptics

Backup Document            

Backup Profiler

Backup Server    

Backup Workstation        

CatTools

Dameware Mini Remote Control

Dameware Patch Manager           

Dameware Remote Everywhere

Dameware Remote Manager        

Database Performance Analyzer (DPA)

Database Performance Monitor (DPM)

DNSstuff             

Engineer’s Toolset 

Engineer's Web Toolset

FailOver Engine

Firewall Security Monitor       

Identity Monitor               

ipMonitor            

Kiwi CatTools

Kiwi Log Viewer

Kiwi Syslog Server

LANSurveyor

Librato

Log & Event Manager (LEM)

Log and Event Manager Workstation Edition 

Loggly

Mobile Admin

Network Topology Mapper (NTM)

Papertrail

Patch Manager  

Pingdom

Pingdom Server Monitor

Security Event Manager (SEM)

Security Event Manager Workstation Edition

Server Profiler

Service Desk

Serv-U FTP Server

Serv-U Gateway

Serv-U MFT Server

Storage Manager

Storage Profiler

Threat Monitor 

Virtualization Profiler

Web Help Desk    

SQL Sentry 

DB Sentry

V Sentry

Win Sentry

BI Sentry 

SentryOne Document 

SentryOne Test

Task Factory

DBA xPress

Plan Explorer

APS Sentry

DW Sentry

SQL Sentry Essentials

SentryOne Monitor

BI xPress

 

 

SolarWinds MSP Products:

N-central – Probe

N-central – Topology

N-central – NetPath

N-central

NetPath – Server

RMM

Backup Disaster Recovery

M365 Backup

Backup

Mail Assure

SpamExperts

MSP Manager

PassPortal

Take Control

Patch

Automation Manager

Webprotection

 

SolarWinds Security Advisory page at solarwinds.com/securityadvisory.


Watch this video to hear more from SolarWinds President and CEO, Kevin B. Thompson.