CVE-2021-25274

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform versions prior to 2020.2.4

Description: The issue concerns the Collector Service in the SolarWinds Orion Platform, which uses Microsoft Message Queue (MSMQ) and fails to set proper permissions on its private queues. This allows remote unauthenticated clients to send messages to TCP port 1801, which are then processed by the Collector Service. Furthermore, the service deserializes these messages in an insecure manner, enabling remote arbitrary code execution as LocalSystem.

Recommendations: For versions prior to 2020.2.4, update to version 2020.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1801 to minimize the risk of exploitation.