Security Advisory – SUNBURST and SUPERNOVA - SolarWinds Orion vulnerability – Updated December 21, 2020
Overview
On December 13, 2020, the Cybersecurity & Infrastructure Agency (CISA) released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise. SolarWinds was the victim of a cyberattack that inserted a vulnerability into its Orion Software which, if present, could potentially allow an attacker to compromise the server on which the Orion products run.
Sometime in early 2020, a breach of the supply-chain side of the SolarWinds® Orion® IT Monitoring Platform resulted in the introduction of malicious code. Per SolarWinds®, this code has been identified as present in several Orion® builds, starting with version 2019.4 HF5 through 2020.2 HF1, released between March 2020 and June 2020.
SolarWinds Orion is used mainly by IT professionals to monitor networks.
EX LIBRIS CLOUD SERVICES DOES NOT USE SOLARWINDS ORION PRODUCTS.
References
Effective Security Severity Level
Critical
Affected Systems
No Ex Libris Cloud solutions or SaaS infrastructure utilizes SOLARWINDS Orion.
Actions Taken for Hosted Systems
None.
EX LIBRIS CLOUD SERVICES DOES NOT USE SOLARWINDS ORION PRODUCTS.
Required Actions for On-Premises and Local Systems
If you use SloarWinds Orion in your environment, Ex Libris recommends following SolarWinds’ instructions found on their site: https://www.solarwinds.com/securityadvisory.
Exploitation and Public Announcements
The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Record of Changes
Type of information | Document Data |
---|---|
Document Title: |
Security Advisory – SUNBURST - SolarWinds Orion vulnerability – Updated December 21, 2020 |
Document Owner: |
Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO) |
Approved by: |
Barak Rozenblat – VP Cloud Services |
Issued: |
Dec 21, 2020 |
Reviewed & Revised: |
Dec 21, 2020 |
Revision Control
Version Number | Nature of Change | Date Approved |
---|---|---|
Initial version |
Dec 21, 2020 |
|
1.1 | Update | Dec 21, 2020 |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver