Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)

Published On: Jul 24, 2024 15:50

Advisory No: TZCERT-SA-24-0002

Source: SolarWinds

Software Affected: SolarWinds Access Rights Manager (ARM)

Overview

Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to execute arbitrary code remotely on the affected device.

Description

SolarWinds Access Rights Manager (ARM) is affected by three (3) critical vulnerabilities, each with a CVSS score of 9.6, tracked as CVE-2024-23469, CVE-2024-23467 and CVE-2024-23471. Successful exploitation of these vulnerabilities allows an unauthenticated user to perform remote code execution with SYSTEM privileges.

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

SolarWinds has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
