Advisory No: TZCERT/SA/2024/07/19-3
Date of First Release: 19th July 2024
Source: SolarWinds
Software Affected: SolarWinds Access Rights Manager (ARM)
Overview:
Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to execute remote arbitrary code on the affected device.
Description:
SolarWinds Access Rights Manager (ARM) is vulnerable to three (3) critical vulnerabilities all with 9.6 CSVV scores and tracked as CVE-2024-23469, CVE-2024-23467, CVE-2024-23471. Successful exploitation of these vulnerabilities allows an unauthenticated user to perform remote code execution with SYSTEM privileges.
Impact:
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.
Solution:
SolarWinds has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
References: