SolarWinds ARM Flaw Let Attackers Execute Remote Code

SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with Deserialization and Directory Traversal leading to Remote code execution have been fixed. The CVEs of these vulnerabilities were assigned with

  • CVE-2023-40057 (Deserialization of Untrusted Data Remote Code Execution)
  • CVE-2023-23476 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23477 (Directory Traversal Remote Code Execution Vulnerability)
  • CVE-2023-23478 (Deserialization of Untrusted Data Remote Code Execution) and
  • CVE-2023-23479 (Directory Traversal Remote Code Execution Vulnerability).

The severity for these vulnerabilities ranges between 7.9 (High) and 9.6 (Critical). Several organizations use Access Rights Manager to gather reports about who has access to data and when the data was accessed.

However, SolarWinds has credited multiple security researchers for reporting these vulnerabilities.

Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

SolarWinds ARM Flaw

Remote Code Execution in SolarWinds ARM : (CVE-2023-40057 and CVE-2024-23478)

These vulnerabilities existed in the SolarWinds Access Rights Manager, which allows an authenticated user to abuse a SolarWinds service that could result in remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2023-40057 (9.0 – Critical) and CVE-2023-23478 (8.0 – High). 

There was no additional information about this vulnerability provided by SolarWinds nor evidence of exploitation in the wild. SolarWinds also thanked Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this vulnerability.

Directory Traversal Remote Code Execution Vulnerability: (CVE-2024-23476, CVE-2024-23477 and CVE-2024-23479)

These vulnerabilities existed in the SolarWinds Access Rights Manager that could allow an unauthenticated user to perform a remote code execution on the vulnerable instance. The severity for these vulnerabilities has been given as CVE-2024-23476 (9.6 – Critical), CVE-2024-23477 (7.9 – High), and CVE-2024-23479 (9.6 – Critical). 

Moreover, these vulnerabilities were credited to an Anonymous person working with Trend Micro Zero Day Initiative. However, there was no additional information about these vulnerabilities nor any evidence of exploitation of this vulnerability.

All of these vulnerabilities existed on SolarWinds Access Rights Manager 2023.2.2. SolarWinds urges all its users to upgrade to the latest version, 2023.2.3, to prevent these vulnerabilities from being exploited by threat actors.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

5 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

5 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

5 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

5 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago