Advisory May 23, 2024

SolarWinds ARM Vulnerability with CVE-2024-28075

The Obrela Threat Intelligence Team

A critical vulnerability with CVE-2024-28075 has been discovered in SolarWinds Access Rights Manager. The vulnerability allows an authenticated user to execute remote code on the affected system. The vulnerability has a Critical CVSS Base Score of 9 out of 10.

Description:

CVE-2024-3094 is a remote code execution vulnerability, meaning that an attacker who has valid credentials can exploit this vulnerability to run arbitrary code remotely.

The vulnerability allows an attacker with valid credentials to remotely run arbitrary code. This issue stems from inadequate input validation or insufficient security controls in the SolarWinds Access Rights Manager software. An authenticated user can manipulate certain inputs or parameters, causing unintended behavior. By exploiting this vulnerability, the attacker can inject malicious code, like shell commands, into the system, resulting in remote code execution. If successfully exploited, this can severely compromise the system or enable unauthorized access.

 Affected Versions:

The specific affected versions have not been mentioned by SolarWinds as of now.

Recommendations:

To address this critical vulnerability, it is strongly suggested to implement the following measures:

  • Ensure that you are running the latest version of SolarWinds Access Rights Manager, which is SolarWinds ARM 2023.2.4. Regularly check for security updates and apply them promptly. Also refer to SolarWinds’ official security advisories and documentation for specific guidance on addressing this vulnerability.
  • Limit access to the SolarWinds service to authorized users only. Review user permissions carefully.
  • Isolate the SolarWinds service from other critical systems to minimize the impact of potential attacks.
  • Implement robust monitoring and logging to detect any suspicious activity related to the SolarWinds service.

CYBERSECURITY SHIELD

References: