Mitigate now: Another CRITICAL Vulnerability Discovered in Solar Winds Orion Platform

Orion has published a networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE).

Chief among them is a JSON de-serialization vulnerability that allows an authenticated user to execute arbitrary code. It has been rated critical in severity.

CVE-2020-35856 - CVE-2021-3109