Thursday, July 18, 2024

SolarWinds ARM Flaw Let Attackers Execute Remote Code

SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with Deserialization and Directory Traversal leading to Remote code execution have been fixed. The CVEs of these vulnerabilities were assigned with

  • CVE-2023-40057 (Deserialization of Untrusted Data Remote Code Execution)
  • CVE-2023-23476 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23477 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23478 (Deserialization of Untrusted Data Remote Code Execution) and 
  • CVE-2023-23479 (Directory Traversal Remote Code Execution Vulnerability).

The severity for these vulnerabilities ranges between 7.9 (High) and 9.6 (Critical). Several organizations use Access Rights Manager to gather reports about who has access to data and when the data was accessed.

However, SolarWinds has credited multiple security researchers for reporting these vulnerabilities.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

SolarWinds ARM Flaw

Remote Code Execution in SolarWinds ARM : (CVE-2023-40057 and CVE-2024-23478)

These vulnerabilities existed in the SolarWinds Access Rights Manager, which allows an authenticated user to abuse a SolarWinds service that could result in remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2023-40057 (9.0 – Critical) and CVE-2023-23478 (8.0 – High). 

There was no additional information about this vulnerability provided by SolarWinds nor evidence of exploitation in the wild. SolarWinds also thanked Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this vulnerability.

Directory Traversal Remote Code Execution Vulnerability: (CVE-2024-23476, CVE-2024-23477 and CVE-2024-23479)

These vulnerabilities existed in the SolarWinds Access Rights Manager that could allow an unauthenticated user to perform a remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2024-23476 (9.6 – Critical), CVE-2024-23477 (7.9 – High), and CVE-2024-23479 (9.6 – Critical). 

Moreover, these vulnerabilities were credited to an Anonymous person working with Trend Micro Zero Day Initiative. However, there was no additional information about these vulnerabilities nor any evidence of exploitation of this vulnerability.

All of these vulnerabilities existed on SolarWinds Access Rights Manager 2023.2.2. SolarWinds urges all its users to upgrade to the latest version, 2023.2.3, to prevent these vulnerabilities from being exploited by threat actors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Cybercriminals Exploit Attack on Donald Trump for Crypto Scams

Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations...

Volcano Demon Group Attacking Organizations With LukaLocker Ransomware

The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles