Warning: Multiple Critical Vulnerabilities In SolarWinds Access Rights Manager (ARM), Patch Immediately!
CVE-2024-23465 :CVSS 8.3(CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23466 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23467 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23468 :CVSS 7.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVE-2024-23469 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23470 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23471 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23472 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-23474 :CVSS 7.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVE-2024-23475 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-28074 :CVSS 9.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-28992 :CVSS 7.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVE-2024-28993 :CVSS 7.6(CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
Sources
Risks
Trend Micro's Zero Day Initiative has discovered several high- and critical-severity vulnerabilities in SolarWinds Access Rights Manager (ARM). Successful exploitation of these vulnerabilities could lead to arbitrary code execution and a complete compromise of the system.
SolarWinds ARM provides Microsoft Active Directory integration and role-based access control. SolarWinds ARM is used to manage and audit user access rights to systems, data, and files. Compromise of this system could have a severe impact on your organization, and potentially lead to data theft, extortion, and ransomware. The integration with Active Directory makes this a high-value target for attackers who manage to breach your perimeter.
Description
CVE-2024-23472; CVE-2024-23475
CVSS 9.6, Critical, Information Disclosure Vulnerability.
These vulnerabilities allow attackers to delete and leak sensitive information.
CVE-2024-23466; CVE-2024-23467; CVE-2024-23469; CVE-2024-23470; CVE-2024-23471; CVE-2024-28074
CVSS 9.6, Critical, Remote Code Execution Vulnerability.
These vulnerabilities allow unauthenticated attackers to execute arbitrary code on the system with SYSTEM privileges.
CVE-2024-23465
CVSS 8.3, High, Authentication Bypass Vulnerability.
This vulnerability allows an attacker to gain admin access within the Active Directory environment.
CVE-2024-23468; CVE-2024-23474; CVE-2024-28992; CVE-2024-28993
CVSS 7.6, High, Information Disclosure Vulnerability.
These vulnerabilities allow attackers to delete and leak sensitive information.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update to version 2024.3 or newer. More information can be found in the SolarWinds Advisory.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Security Online: https://securityonline.info/solarwinds-patches-multiple-critical-vulnerabilities-in-access-rights-manager/
CCB (Previous Advisory): https://cert.be/nl/advisory/warning-multiple-critical-vulnerabilities-affect-solarwinds-access-rights-manager-tool