SolarWinds Orion is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands. Using the lack of permissions that the Collector Service set on its private queues, it is possible to remotely send messages that will be deserialized allowing to execute commands as SYSTEM.
CVE Link
Exploit Platform
Product Name