RSA has been made aware of a vulnerability within the SolarWinds® Orion® Platform software and the association of this vulnerability to the recently announced FireEye® “Red Team” offensive security toolset disclosure. The intent of this document is to keep RSA Customer’s informed of RSA’s response to the developing situation.
This page will be updated with relevant information, action and FAQs, as RSA receives such detail. Please check back here regularly for more information or direct concerns to your RSA Account Manager and/or RSA Customer Support representative.
At this point, our investigation has determined that RSA products do not use the SolarWinds Orion software affected by the SUNBURST vulnerability announced on December 13th, 2020. RSA will continue coordinating with SolarWinds and our vendors on implementing any appropriate countermeasures and monitoring for appropriate indicators.
On December 8th, 2020, FireEye announced that its custom “Red Team” offensive security toolsets had been obtained by an external advisory. Based on the disclosure, FireEye issued countermeasures which would identify if the toolset was in use to the public.
In response, RSA has taken action to ensure the indicators are included in our monitoring toolsets and processes for our corporate and customer SaaS environments. RSA will continue to regularly update these countermeasures based on FireEye’s guidance.
On December 13th, 2020 SolarWinds disclosed a backdoor vulnerability via SolarWinds.Orion.Core.Business.Layer.dll for SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 per their advisory. This vulnerability has been nicknamed SUNBURST.
In response, RSA performed the following actions:
Q: Does RSA use SolarWinds’ Orion software? If yes, have you identified any use of Solar Winds Orion vulnerable products (version 2019.4 HF5 – 2020.2 HF1)?
A: Based on our investigations, RSA has not utilized any of the known vulnerable versions of SolarWinds Orion. RSA Security does utilize SolarWinds’ products in some of its Product Line environments. At this time, we have confirmed the following:
Q: What are you plans and timelines for remediating the vulnerability on systems running SolarWinds Orion? Do you plan to upgrade to Orion 2020.2.1 HF1 (HF2 when available)? What is the target date for remediation?
A: RSA Security is already utilizing a non-vulnerable version of Orion, 2020.2.1 HF1. Plans for 2020.2.2 HF2 are under review but we do not have a target date at this time. We will share an updated timeline here if and as it becomes available.
Q: Do any of your connected Third Parties and/or Service Providers (SP) utilize the impacted versions of SolarWinds’ Orion software in connected networks that supports products and/or services?
A: RSA Security is actively confirming with our vendors but at this point we have not received notice of usage of the vulnerable versions of SolarWinds’ Orion software.
Q: What steps have you taken to scan, isolate and eradicate the potential malware resulting from Orion updates?
A: RSA Security has performed the following actions:
Q: Have you reviewed your environments for the Common Vulnerability Exposures (CVE)s that are utilized within the FireEye toolsets? If yes, what is the status of remediation of those vulnerabilities?
A: This investigation is currently under review.