
WARNING: DIRECTORY TRAVERSAL REMOTE CODE EXECUTION VULNERABILITIES IN SOLARWINDS ACCESS RIGHTS MANAGER, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-29
Version: 
1.0
Affected software: 
SolarWinds Access Rights Manager 2023.2 and previous versions
Type: 
Directory traversal / Deserialization of Untrusted Data
CVE/CVSS: 

CVE-2023-40057: CVSS 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-23476: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-23477: CVSS 7.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-23478: CVSS 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-23479: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

SolarWinds Security Advisory - https://documentation.solarwinds.com/en/success_center/arm/content/relea...

Risks

CVE-2024-23476, CVE-2024-23479 and CVE-2024-23477 are path traversal vulnerabilities: an attacker supplies a path that escapes the directory the application is meant to serve and can read or write files elsewhere on the file system. Exploitation of these vulnerabilities could lead to RCE and a complete compromise of the machine.

CVE-2023-40057 and CVE-2024-23478 are Deserialization of untrusted data vulnerabilities. This means that the SolarWinds ARM product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. This could lead to RCE and a complete compromise of the system.

Description

SolarWinds Access Rights Manager helps manage and audit access rights across an IT infrastructure.

CVE-2024-23476, CVE-2024-23479 and CVE-2024-23477 are all “Directory traversal”[1] vulnerabilities in SolarWinds ARM that could lead to Remote Code Execution. A remote attacker needs neither privileges nor any user interaction to exploit these vulnerabilities.

CVE-2023-40057 and CVE-2024-23478 are both “Deserialization of Untrusted Data”[2] vulnerabilities in SolarWinds ARM that could lead to Remote Code Execution. The remote attacker needs low privileges to be able to exploit these vulnerabilities.

Successful exploitation of any of these vulnerabilities can lead to Remote Code Execution, with high impact on the confidentiality, integrity and availability of the compromised systems.
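The path traversal class described above, shown in code as an added example (this is not code from the SolarWinds advisory or from the ARM product): a vulnerable join-and-normalise resolver beside a hardened one that decodes the input, treats backslashes as separators (ARM runs on Windows) and refuses any path that does not stay under the restricted directory. The directory `/srv/arm/export`, the function names and the sample paths are assumptions for illustration only.

```python
"""Added example: containment check for user-supplied file paths (not ARM code)."""
import os
from pathlib import Path
from urllib.parse import unquote

# Hypothetical restricted export directory; not a real ARM path.
BASE_DIR = Path("/srv/arm/export")


class TraversalAttempt(ValueError):
    """Raised when a requested path would escape the restricted directory."""


def unsafe_resolve(user_path: str, base: Path = BASE_DIR) -> str:
    """The vulnerable pattern: join and normalise, never check containment.

    normpath collapses the '..' segments, so the result can point anywhere
    on the file system.
    """
    return os.path.normpath(os.path.join(str(base), user_path))


def safe_resolve(user_path: str, base: Path = BASE_DIR) -> Path:
    """Resolve user_path under base and refuse anything that escapes it."""
    # Decode twice: an attacker may double-encode ("%252e%252e%252f") to slip
    # past a filter that decodes only once. Decoding more than the server
    # does is the conservative direction for a validator.
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise TraversalAttempt("NUL byte in path")
    # Treat backslashes as separators too: on Windows '..\\' works as well
    # as '../', and a POSIX-only check would miss it.
    decoded = decoded.replace("\\", "/")
    root = base.resolve()
    # Path joining replaces root when decoded is absolute ("/etc/passwd"),
    # so the containment check below rejects absolute paths as well.
    candidate = (root / decoded).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise TraversalAttempt(f"{user_path!r} escapes {root}") from None
    return candidate


def is_safe_path(user_path: str, base: Path = BASE_DIR) -> bool:
    """Boolean wrapper around safe_resolve for filters and tests."""
    try:
        safe_resolve(user_path, base)
    except TraversalAttempt:
        return False
    return True


if __name__ == "__main__":
    probes = ["reports/2024/q1.csv", "../../../etc/passwd",
              "..%252F..%252F..%252Fetc%252Fpasswd", "..\\..\\..\\Windows\\win.ini"]
    for p in probes:
        print(f"{p!r:45} unsafe -> {unsafe_resolve(p)}  safe -> {is_safe_path(p)}")
```

The check compares the fully resolved candidate against the resolved base, so symlinks inside the export directory that point outside it are rejected too; a purely lexical check on the string would let those through.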

Vulnerable software

  • SolarWinds Access Rights Manager 2023.2 and previous versions

Recommended Actions

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Patch

Follow the guidelines provided by SolarWinds in their security advisory ( https://documentation.solarwinds.com/en/success_center/arm/content/relea...).

Mitigate

Ensure that SolarWinds ARM is not installed on a publicly accessible server. If public exposure is absolutely required, place the server behind a VPN solution.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
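One concrete way to act on this recommendation, as an added example rather than guidance from the CCB or SolarWinds: scan web-server access logs for directory traversal sequences, including URL-encoded, double-encoded, overlong-UTF-8 and backslash variants, and group the hits by source address. The log format and the five log lines are constructed for the example; the `/arm/...` paths in them are invented, not real ARM endpoints.

```python
"""Added example: traversal-attempt detection over constructed access-log lines."""
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample log (space-separated fields, loosely modelled on W3C style):
# date time server-ip method uri-stem query port user client-ip user-agent status
# The /arm/... paths are invented for the example, not real ARM endpoints.
SAMPLE_LOG = """\
2024-02-02 10:14:03 10.0.0.5 GET /arm/reports/q1.csv - 443 - 203.0.113.7 Mozilla/5.0 200
2024-02-02 10:14:09 10.0.0.5 GET /arm/reports/..%2F..%2F..%2Fwindows%2Fwin.ini - 443 - 198.51.100.23 curl/8.4 404
2024-02-02 10:14:11 10.0.0.5 GET /arm/reports/..%252F..%252Fweb.config - 443 - 198.51.100.23 curl/8.4 200
2024-02-02 10:14:15 10.0.0.5 POST /arm/upload/..\\..\\inetpub\\wwwroot\\shell.aspx - 443 - 198.51.100.23 python-requests/2.31 201
2024-02-02 10:14:20 10.0.0.5 GET /arm/static/app..js - 443 - 203.0.113.7 Mozilla/5.0 200
"""

# A '..' segment delimited by separators, after decoding and normalisation.
# 'app..js' does not match: the dots are inside a file name, not a segment.
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")


def normalize_path(raw: str) -> str:
    """Undo up to three layers of percent-encoding, map the classic overlong
    UTF-8 forms of '/', '\\' and '.' to ASCII, and treat backslashes as '/'."""
    data = raw.encode("latin-1", "replace")
    for _ in range(3):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    data = (data.replace(b"\xc0\xaf", b"/")
                .replace(b"\xc1\x9c", b"\\")
                .replace(b"\xc0\xae", b"."))
    return data.decode("latin-1").replace("\\", "/")


def parse_line(line: str) -> dict:
    """Pull the fields we need from one constructed log line."""
    f = line.split()
    return {"method": f[3], "path": f[4], "client_ip": f[8], "status": f[10]}


def find_traversal(log_text: str) -> list:
    """Return one hit record per line whose request path contains a traversal."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_line(line)
        normalized = normalize_path(rec["path"])
        if TRAVERSAL.search(normalized):
            hits.append({"line": number, "client_ip": rec["client_ip"],
                         "method": rec["method"], "status": rec["status"],
                         "path": rec["path"], "normalized": normalized})
    return hits


def by_source(hits: list) -> dict:
    """Count hits per client address; a burst from one source is the usual picture."""
    return dict(Counter(h["client_ip"] for h in hits))


if __name__ == "__main__":
    found = find_traversal(SAMPLE_LOG)
    for h in found:
        print(f"line {h['line']}: {h['client_ip']} {h['method']} {h['path']} "
              f"-> {h['normalized']} (status {h['status']})")
    print(by_source(found))
```

A traversal request that the server answered with 200 or 201, as in the third and fourth sample lines, deserves immediate investigation: a 404 shows an attempt, a success status suggests the attempt worked. Patching removes the vulnerability; only the logs tell you whether it was already used.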

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Security online - CVE-2024-23476 & 23479: Pre-Authentication RCE Flaws Found in SolarWinds ARM (securityonline.info)

NVD - https://nvd.nist.gov/vuln/detail/CVE-2023-40057

NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-23476

NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-23477

NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-23478

NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-23479