Overview

Critical vulnerabilities affect SolarWinds ARM. An attacker can leverage the vulnerabilities to execute remote arbitrary code on the affected device

Description

SolarWinds Access Rights Manager (ARM) is vulnerable to three (3) critical vulnerabilities all with 9.6 CSVV scores and tracked as CVE-2024-23469, CVE-2024-23467, CVE-2024-23471. Successful exploitation of these vulnerabilities allows an unauthenticated user to perform remote code execution with SYSTEM privileges

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

SolarWinds has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References

• 1. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23469
• 2. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23467
• 3. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23471