Didn't know if anyone had seen this one:
Zero-Day Vulnerability on SolarWinds LEM Platform Identified by Digital Defense, Inc. | Business Wire
That doesn't sound too good..
No... not good at all. Thanks for posting this rharland2012.
Thank you for bringing this to our attention. Digital Defense alerted us to the vulnerability, and we are working to address this issue as quickly as possible.
If you are a current LEM customer, please start a support case from your customer portal so we can get you the fix as soon as it becomes available.
Note: Current best practices recommend network segmentation. If your LEM Manager is only an internally facing resource, this exploit can only be leveraged by an internal attack.
Done... thanks....
Thanks, Captain. I'll get on that now.
Update: This issue has been addressed in Log & Event Manager 6.2 HotFix 2. Available here: http://downloads.solarwinds.com/solarwinds/Release/HotFix/LEM-v6.2.0-HotFix2.zip
Thanks - got my support case updated as well. I appreciate the follow-up.
Was this hotfix applied to 6.2.1?
Yes. Both 6.2.0 hotfix1 and 6.2.0 hotfix2 were rolled up into 6.2.1.
You can view the Release Notes here: SolarWinds Log & Event Manager 6.2.1 Release Notes
There were additional fixes for mounting shares and also a vulnerability fix as well.
Thanks!
The issue in the original post has been fixed in the current release.
Unfortunately, other issues have come up.....
Radioteacher - care to elaborate?
rharland2012, please see the following Thwack thread:
Three known security issues in LEM 6.2.1
Thank you - I should have searched first!
wolram, we had to re-run the 6.2.1 upgrade before installing the LEM 6.2.1-hotfix1.
LEM is now rated a "B" and it will go to an "A" when Development gets the Slowloris issue fixed/polished/masked/stomped.
This is quite an achievement and my executives are taking note of these latest changes in security posture.
Please thank all involved.
RT