SolarWinds ARM Flaw Let Attackers Execute Remote Code

SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with Deserialization and Directory Traversal leading to Remote code execution have been fixed. The CVEs of these vulnerabilities were assigned with

  • CVE-2023-40057 (Deserialization of Untrusted Data Remote Code Execution)
  • CVE-2023-23476 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23477 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23478 (Deserialization of Untrusted Data Remote Code Execution) and 
  • CVE-2023-23479 (Directory Traversal Remote Code Execution Vulnerability).

The severity for these vulnerabilities ranges between 7.9 (High) and 9.6 (Critical). Several organizations use Access Rights Manager to gather reports about who has access to data and when the data was accessed.

However, SolarWinds has credited multiple security researchers for reporting these vulnerabilities.

Document

Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

SolarWinds ARM Flaw

Remote Code Execution in SolarWinds ARM : (CVE-2023-40057 and CVE-2024-23478)

These vulnerabilities existed in the SolarWinds Access Rights Manager, which allows an authenticated user to abuse a SolarWinds service that could result in remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2023-40057 (9.0 – Critical) and CVE-2023-23478 (8.0 – High). 

There was no additional information about this vulnerability provided by SolarWinds nor evidence of exploitation in the wild. SolarWinds also thanked Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this vulnerability.

Directory Traversal Remote Code Execution Vulnerability: (CVE-2024-23476, CVE-2024-23477 and CVE-2024-23479)

These vulnerabilities existed in the SolarWinds Access Rights Manager that could allow an unauthenticated user to perform a remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2024-23476 (9.6 – Critical), CVE-2024-23477 (7.9 – High), and CVE-2024-23479 (9.6 – Critical). 

Moreover, these vulnerabilities were credited to an Anonymous person working with Trend Micro Zero Day Initiative. However, there was no additional information about these vulnerabilities nor any evidence of exploitation of this vulnerability.

All of these vulnerabilities existed on SolarWinds Access Rights Manager 2023.2.2. SolarWinds urges all its users to upgrade to the latest version, 2023.2.3, to prevent these vulnerabilities from being exploited by threat actors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *