CVE-2020-10148 RCE – Active Exploit

Rapid7 is tracking an active exploit campaign for SolarWinds CVE-2020-10148. This is a remote code execution weakness in the Orion API, for which patches are available.

Reference:

https://kb.cert.org/vuls/id/843464

https://attackerkb.com/topics/oOQnGlyZAN/cve-2020-10148-solarwinds-orion-api-authentication-bypass-and-rce#rapid7-analysis

https://www.solarwinds.com/securityadvisory