SolarWinds Releases Critical Security Updates for Access Rights Manager

Updates address eight critical and five high severity vulnerabilities

Threat ID:: CC-4528
Threat Severity:: Medium
Published:: 19 July 2024 2:41 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Updates address eight critical and five high severity vulnerabilities

Affected platforms

The following platforms are known to be affected:

Versions: All prior to 2024.3

SolarWinds Access Rights Manager

Threat details

Introduction

SolarWinds has released thirteen security advisories that address eight critical and five high severity vulnerabilities. Some of these vulnerabilities relate to remote code execution (RCE), information disclosure, authentication bypass, and arbitrary file deletion.

Remediation advice

Affected organisations are encouraged to update to SolarWinds ARM 2024.3 and review the following advisories.

Remediation steps

Type	Step
Patch	SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23475) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23475
Patch	SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28992) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28992
Patch	SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23468) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23468
Patch	SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23472
Patch	SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28074
Patch	SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23469
Patch	SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability (CVE-2024-23465) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23465
Patch	SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28993) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28993
Patch	SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23466
Patch	SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability (CVE-2024-23470) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23470
Patch	SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23474) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23474
Patch	SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23471
Patch	SolarWinds Access Rights Manager Traversal Remote Code Execution Vulnerability (CVE-2024-23467) https://www.solarwinds.com/trust-center/security-advisories/cve-2024-23467

Definitive source of threat updates

https://www.solarwinds.com/trust-center/security-advisories

CVE Vulnerabilities

Status Published

CVE-2024-23475

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

Status Published

CVE-2024-28992

Status Published

CVE-2024-23468

Status Published

CVE-2024-23472

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.

Status Published

CVE-2024-28074

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.

Status Published

CVE-2024-23469

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.

Status Published

CVE-2024-23465

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.

Status Published

CVE-2024-23467

Status Published

CVE-2024-28993

Status Published

CVE-2024-23466

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.

Status Published

CVE-2024-23470

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.

Status Published

CVE-2024-23474

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.

Status Published

CVE-2024-23471

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

Last edited: 19 July 2024 2:41 pm