Platform
solarwinds
Component
access-rights-manager
Fixed in
2023.2.5
CVE-2024-23468 identifies a Directory Traversal and Information Disclosure vulnerability within the SolarWinds Access Rights Manager. This flaw allows unauthenticated users to perform arbitrary file deletion and potentially leak sensitive data. The vulnerability impacts versions of Access Rights Manager up to and including 2023.2.4, and a patch is available in version 2024.3.
The Directory Traversal vulnerability allows an unauthenticated attacker to bypass access controls and interact directly with the file system. This means an attacker can not only read sensitive files containing configuration data, credentials, or proprietary information, but also delete critical files, disrupting system functionality. The potential for data exfiltration and denial-of-service is significant. Given the sensitive nature of Access Rights Manager, which often handles privileged access and security policies, a successful exploitation could have a widespread impact across the organization, enabling lateral movement and privilege escalation.
CVE-2024-23468 was publicly disclosed on July 17, 2024. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation due to the unauthenticated nature of the vulnerability suggests a high probability of exploitation. It is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Organizations utilizing SolarWinds Access Rights Manager, particularly those with older versions (≤2023.2.4) and exposed management interfaces, are at significant risk. Shared hosting environments where multiple customers share the same server instance are also particularly vulnerable, as an attacker could potentially exploit this vulnerability to impact other tenants.
• windows / supply-chain:
Get-ChildItem -Path "C:\Program Files\SolarWinds\Access Rights Manager\*" -Recurse -ErrorAction SilentlyContinue | Select-Object FullName
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} -MaxEvents 100 | Where-Object { $_.Message -match "SolarWinds Access Rights Manager" }
• generic web:
curl -I http://<target>/../../../../etc/passwd
• generic web:
grep -i "solarwinds access rights manager" /var/log/apache2/access.log
Exploit status
EPSS
0.64% (70th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-23468 is to upgrade SolarWinds Access Rights Manager to version 2024.3 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting network access to the Access Rights Manager server to only authorized personnel. Review and tighten file system permissions to limit the impact of potential file deletion. Implement a Web Application Firewall (WAF) with rules to block directory traversal attempts, specifically targeting suspicious file paths and patterns. After upgrading, confirm the vulnerability is resolved by attempting a directory traversal request and verifying that access is denied.
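As an added illustration of the log review and WAF-style pattern matching recommended above (example code, not from the advisory or from SolarWinds), the following scanner normalizes request targets the way a traversal rule must (repeated percent-decoding to catch double encoding, backslash-to-slash) and flags any request whose ".." segments climb above the web root. The log lines and the /arm/... paths are constructed placeholders, not real Access Rights Manager endpoints.

```python
import re
from urllib.parse import unquote

# Combined Log Format: client ident user [timestamp] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(raw: str) -> str:
    """Percent-decode repeatedly (catches double encoding) and unify '\\' to '/'."""
    path = raw
    for _ in range(3):  # bounded so hostile input cannot keep us decoding forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def climbs_above_root(norm: str) -> bool:
    """True if '..' segments ever move the resolved path above the starting root."""
    depth = 0
    for seg in norm.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False

def is_traversal(raw_target: str) -> bool:
    """Check the request path and every query-string value for a traversal sequence."""
    path, _, query = raw_target.partition("?")
    candidates = [path] + [kv.partition("=")[2] for kv in query.split("&")]
    return any(climbs_above_root(normalize_path(c)) for c in candidates)

def flag_traversal_requests(log_lines):
    """Return (client, request target, status) for each request that looks like traversal."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), m.group("status")))
    return hits

# Constructed sample lines (not real traffic); /arm/... is a placeholder path.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jul/2024:10:01:02 +0000] "GET /arm/../../../../windows/win.ini HTTP/1.1" 403 0 "-" "curl/8.0"',
    '203.0.113.7 - - [17/Jul/2024:10:01:05 +0000] "GET /arm/files?name=..%2F..%2Fweb.config HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [17/Jul/2024:10:01:09 +0000] "DELETE /arm/%252e%252e/%252e%252e/config.xml HTTP/1.1" 204 0 "-" "curl/8.0"',
    '198.51.100.4 - - [17/Jul/2024:10:02:00 +0000] "GET /arm/reports/../dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Running `flag_traversal_requests(SAMPLE_LOG)` flags the first three lines (raw, query-string and double-encoded traversal) and leaves the fourth alone, since its ".." never leaves the application root; a 200 or 204 on a flagged request is the case worth escalating.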
Update SolarWinds Access Rights Manager to version 2024.3 or later. This update fixes the directory traversal and information disclosure vulnerability. See the release notes for detailed upgrade instructions.
CVE-2024-23468 is a Directory Traversal vulnerability affecting SolarWinds Access Rights Manager versions up to 2023.2.4, allowing unauthenticated attackers to delete files and leak sensitive information.
You are affected if you are running SolarWinds Access Rights Manager version 2023.2.4 or earlier. Upgrade to 2024.3 or later to mitigate the risk.
Upgrade SolarWinds Access Rights Manager to version 2024.3 or later. As a temporary workaround, restrict network access and review file permissions.
There is currently no indication of active exploitation in the wild, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the official SolarWinds security advisory for detailed information and patching instructions: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)