SolarWinds Orion Vulnerability
Learn more about the recent SolarWinds Orion Vulnerability here: https://www.sonicwall.com/support/product-notification/201215115842243/
SonicWall also has confirmed it is not using a vulnerable SolarWinds Orion product and is not impacted by this threat.
SonicWall Capture Labs threat researchers have investigated the vulnerability and published four signatures that identify malicious activity against affected SolarWinds Orion versions, and two additional application notifications that detect if an organization has SolarWinds Orion deployed within its network. These signatures are applied automatically to SonicWall firewalls with active security subscriptions:
- 15292: BACKDOOR SolarWinds Supply Chain Malware Activity 1
- 15293: BACKDOOR SolarWinds Supply Chain Malware Activity 2
- 15294: BACKDOOR SolarWinds Supply Chain Malware Activity 3
- 15295: BACKDOOR SolarWinds Supply Chain Malware Activity 4
- 15296: BUSINESS-APPS SolarWinds Orion (API Activity)
- 2014: BUSINESS-APPS SolarWinds Orion (Update Activity)
🖐️ Sr. Manager, Web and Digital, SonicWall. Say "hi" by tagging me at @micah.