Preface: SolarWinds Orion is an IT performance monitoring platform that helps businesses manage and optimize their IT infrastructure.
Vulnerability details: SolarWinds.Orion.Core.BusinessLayer.dll is signed by SolarWinds. However, when connection come from trusted vendor (valid signature ) which carry malware. Existing design do not have defense mechanism.
Impact: CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.