SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allow Remote Code Execution

Security researchers at Trend Micro Zero Day Initiative discovered multiple vulnerabilities impacting SolarWinds Access Rights Manager (ARM). Successful exploitation of the vulnerabilities may allow attackers to perform remote code execution on target systems.

CVE-2024-23476, CVE-2024-23479, and CVE-2023-40057 are given critical severity ratings and CVSS scores of 9.6, 9.6, and 9.0, respectively. CVE-2024-23477 and CVE-2024-23478 are given high severity ratings.

Access Rights Manager helps manage and audit access rights across IT infrastructure. The tool helps minimize the impact of insider threats and improves compliance by detecting changes.

CVE-2024-23476 & CVE-2024-23479: SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

The vulnerabilities arise from a directory traversal flaw that may allow an unauthenticated attacker to execute remote code.

CVE-2023-40057: SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability

An authenticated attacker may exploit the vulnerable SolarWinds service to perform remote code execution.

CVE-2024-23477: SolarWinds Access Rights Manager (ARM) Traversal Remote Code Execution Vulnerability

The vulnerability arises from a directory traversal flaw that may allow an unauthenticated attacker to execute remote code.
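The three traversal entries above share one root cause: a user-supplied path is joined to a base directory without checking where the normalised result actually lands. The following Python snippet is an added illustration of that vulnerability class and its standard mitigation; it is not ARM code and says nothing about how ARM handles paths. The base directory `/srv/app/files`, the function names and the sample request paths are all constructed for the example.

```python
import os
from pathlib import Path

# Hypothetical document root for this illustration (not an ARM path).
BASE_DIR = Path("/srv/app/files")


def unsafe_resolve(user_path: str) -> Path:
    """Naive join: '..' components are collapsed but never checked, so the
    result can land anywhere on the filesystem. This is the traversal pattern."""
    return Path(os.path.normpath(os.path.join(BASE_DIR, user_path)))


def safe_resolve(user_path: str) -> Path:
    """Resolve the request under BASE_DIR and reject anything that escapes it."""
    # Treat backslashes as separators too: Windows-hosted services otherwise
    # accept '..\\' sequences that a POSIX normaliser would leave untouched.
    portable = user_path.replace("\\", "/")
    # Path('/base') / '/abs' yields '/abs', so absolute inputs are also caught
    # by the containment check below rather than silently replacing BASE_DIR.
    candidate = BASE_DIR / portable
    # normpath collapses '.' and '..' without touching the filesystem, which
    # keeps the example offline; on a live system prefer os.path.realpath so
    # that symlinks inside BASE_DIR cannot point back out of it.
    normalised = Path(os.path.normpath(candidate))
    if normalised != BASE_DIR and BASE_DIR not in normalised.parents:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return normalised


def classify(user_path: str) -> str:
    """Label a request path as 'allowed' or 'blocked' under the safe resolver."""
    try:
        safe_resolve(user_path)
        return "allowed"
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    # Constructed sample requests, as a web tier might receive them.
    for req in ("reports/2024/audit.csv", "reports/../../../etc/passwd",
                "/etc/passwd", "..\\..\\windows\\win.ini"):
        print(f"{req!r:40} naive -> {unsafe_resolve(req)}  safe -> {classify(req)}")
```

The containment test compares the normalised path against `BASE_DIR` and its parents rather than doing a string prefix check, which would wrongly accept a sibling directory such as `/srv/app/files-old`.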

CVE-2024-23478: SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability

The vulnerability arises from a deserialization of untrusted data flaw that may allow an authenticated attacker to execute remote code.
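Both deserialization entries (CVE-2023-40057 and CVE-2024-23478) describe the same weakness class: a serialized blob from an authenticated but untrusted party is turned back into live objects, and the deserializer is willing to instantiate whatever types the blob names. The Python example below is added here to show the usual defensive pattern in a language-neutral way; it is not ARM code (ARM is a .NET product) and does not describe its serialization format. The allow-list contents, the `load_rights_record` schema and the sample payloads are constructed for the example.

```python
import io
import json
import pickle
from collections import Counter, OrderedDict


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an explicit allow-list of globals.

    Every class reference inside a pickle stream goes through find_class, so
    refusing unknown (module, name) pairs here stops the stream from naming
    arbitrary callables. Plain dicts, lists, strings and numbers need no
    global lookup and load regardless of the allow-list."""

    # Hypothetical allow-list for this example: the one non-builtin type the
    # application legitimately expects to receive.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")


def restricted_loads(data: bytes):
    """Deserialize with the allow-list enforced."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes) -> str:
    """Return 'accepted' or 'rejected' for a serialized payload."""
    try:
        restricted_loads(data)
        return "accepted"
    except pickle.UnpicklingError:
        return "rejected"


# Constructed sample payloads. Counter is benign, but it is not on the
# allow-list, which is exactly the point: the loader decides by policy,
# not by whether a given type happens to be harmless.
SAMPLE_PLAIN = pickle.dumps({"user": "alice", "rights": ["read"]})
SAMPLE_ORDERED = pickle.dumps(OrderedDict(user="bob", rights=["read", "write"]))
SAMPLE_COUNTER = pickle.dumps(Counter("aab"))


# The stronger option for data that crosses a trust boundary is a format
# that cannot name types at all, validated against an explicit schema.
EXPECTED_FIELDS = {"user": str, "rights": list}


def load_rights_record(text: str) -> dict:
    """Parse a JSON record and enforce the expected shape before use."""
    obj = json.loads(text)
    if not isinstance(obj, dict):
        raise ValueError("record must be a JSON object")
    for field, expected_type in EXPECTED_FIELDS.items():
        if not isinstance(obj.get(field), expected_type):
            raise ValueError(f"field {field!r} missing or of wrong type")
    extra = set(obj) - set(EXPECTED_FIELDS)
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    if not all(isinstance(r, str) for r in obj["rights"]):
        raise ValueError("rights must be a list of strings")
    return obj


if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("ordered", SAMPLE_ORDERED),
                        ("counter", SAMPLE_COUNTER)):
        print(f"{label:8} -> {try_load(blob)}")
    print(load_rights_record('{"user": "alice", "rights": ["read"]}'))
```

The allow-list approach reduces exposure but still trusts the listed types' constructors and `__setstate__` hooks; where the receiver only needs data, the JSON path with schema validation removes the type-resolution step entirely.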

Affected Versions

The vulnerabilities affect SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions.

Mitigation

Customers are advised to upgrade to SolarWinds Access Rights Manager (ARM) 2023.2.3 to patch the vulnerabilities.
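When the affected range is stated as "2023.2.2 and prior" with a fix in 2023.2.3, inventory triage comes down to comparing version strings numerically rather than lexically. The script below is an added example of that check, not a SolarWinds or Qualys tool; the host names and the version values other than 2023.2.2 and 2023.2.3 (the ones the advisory gives) are constructed, and the output format is the author's own.

```python
from typing import Dict, List, Tuple

# Values taken from the advisory text.
LAST_AFFECTED = "2023.2.2"   # "2023.2.2 and prior versions"
FIXED_VERSION = "2023.2.3"   # version customers are advised to upgrade to
ADVISORY_CVES = ("CVE-2024-23476", "CVE-2024-23479", "CVE-2023-40057",
                 "CVE-2024-23477", "CVE-2024-23478")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2023.2.2' into (2023, 2, 2) so that comparison is numeric.

    A plain string comparison gets this wrong: '2023.2.10' < '2023.2.3'
    lexically, even though 2023.2.10 would be the later release."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the installed version is 2023.2.2 or earlier.

    Tuple comparison treats a shorter tuple as earlier when it is a prefix,
    so (2023, 2) counts as prior to (2023, 2, 2), matching 'and prior'."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


# Constructed inventory of ARM hosts and their reported versions.
INVENTORY = [
    ("arm-prod-01", "2023.2.2"),   # last affected release
    ("arm-prod-02", "2023.2.3"),   # the fixed release
    ("arm-lab-01", "2022.4"),      # hypothetical older build
    ("arm-test-01", "2023.2.10"),  # hypothetical later build, string-compare trap
    ("arm-stage-01", "unknown"),   # agent did not report a version
]


def triage(inventory) -> Dict[str, List[str]]:
    """Bucket hosts into affected, patched and unknown for ticketing."""
    result: Dict[str, List[str]] = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "affected" if is_affected(version) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    report = triage(INVENTORY)
    for bucket, hosts in report.items():
        print(f"{bucket:9}: {', '.join(hosts) or '-'}")
    if report["affected"]:
        print(f"upgrade to {FIXED_VERSION}; open CVEs: {', '.join(ADVISORY_CVES)}")
```

Hosts whose version cannot be parsed land in an explicit `unknown` bucket rather than being silently treated as patched, which is the failure mode that matters for an RCE advisory.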

For more information, please refer to the ARM 2023.2.3 Release Notes.

Qualys Detection

Qualys customers can scan their devices with QID 379386 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40057
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23476
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23477
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23478
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23479
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
