Platform
solarwinds
Component
solarwinds-access-rights-manager
Fixed in
2023.2.5
CVE-2024-23472 describes a critical Directory Traversal vulnerability affecting SolarWinds Access Rights Manager (ARM). This flaw allows authenticated users to arbitrarily read and delete files within the ARM system, potentially leading to significant data breaches and system compromise. The vulnerability impacts versions of ARM up to and including 2023.2.4. A patch is available in version 2024-3.
The Directory Traversal vulnerability in SolarWinds ARM allows an authenticated user to bypass access controls and directly access files on the server's file system. This means an attacker could read sensitive configuration files, database credentials, or even application code. More seriously, the vulnerability also permits file deletion, which could disrupt critical ARM functionality or even render the system unusable. The potential blast radius is significant, as compromised ARM instances often manage access to other critical systems and data. Successful exploitation could lead to complete system takeover and data exfiltration.
CVE-2024-23472 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. The vulnerability was publicly disclosed on July 17, 2024, and the patch was released around the same time. Given the critical CVSS score and the potential for significant impact, organizations should prioritize patching.
Organizations heavily reliant on SolarWinds Access Rights Manager for access control and privilege management are particularly at risk. This includes those with legacy ARM deployments or those who have not implemented strong access controls on the ARM web interface. Shared hosting environments where multiple customers share the same ARM instance are also at increased risk.
• solarwinds: Examine ARM logs for unusual file access patterns, particularly attempts to access files outside of the expected directory structure. Look for requests containing .. sequences in the file path.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } | Where-Object { $_.Message -match '\.\.' }
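The log review described above, as an added detection example that is not part of the original advisory: it normalizes percent-encoded (including double-encoded) request paths and flags any request whose path contains a `..` segment, so encoded traversal attempts are not missed. The log line format is constructed for illustration; the real ARM log format is not documented on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines ("timestamp user method path status").
# This is an assumed, generic format, not the actual ARM log layout.
SAMPLE_LOG = """\
2024-07-17T10:01:02Z alice GET /api/files?name=report.pdf 200
2024-07-17T10:01:09Z bob GET /api/files?name=../../web.config 200
2024-07-17T10:01:15Z bob GET /api/files?name=..%2F..%2Fweb.config 200
2024-07-17T10:01:21Z bob DELETE /api/files?name=%252e%252e%255cdata.db 200
2024-07-17T10:02:00Z carol GET /api/files?name=notes..txt 200
"""

# A '..' that forms its own path segment, delimited by a slash, backslash,
# start/end of string, or a query-string delimiter. "notes..txt" does not match.
TRAVERSAL = re.compile(r"(?:^|[\\/=?&])\.\.(?:[\\/]|$)")


def normalize(path: str) -> str:
    """Percent-decode repeatedly until stable, exposing double-encoded sequences."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path


def is_traversal(path: str) -> bool:
    """True if the decoded path contains a '..' path segment with either separator."""
    return TRAVERSAL.search(normalize(path)) is not None


def find_traversal_requests(log_text: str) -> list:
    """Return (timestamp, user, method, path) for each request that looks like traversal."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated lines
        ts, user, method, path = parts[:4]
        if is_traversal(path):
            hits.append((ts, user, method, path))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print("suspicious request:", *hit)
```

The DELETE request in the sample is the one to treat as highest priority, since the advisory notes the flaw permits file deletion as well as reading.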
EPSS
7.46% (92nd percentile)
The primary mitigation for CVE-2024-23472 is to upgrade SolarWinds Access Rights Manager to version 2024-3 or later, which contains the fix. If immediate upgrade is not possible, consider implementing temporary workarounds. Restrict access to the ARM web interface to only authorized personnel. Implement strict file access controls on the server hosting ARM, limiting the permissions of the ARM user account. Monitor ARM logs for suspicious activity, particularly attempts to access files outside of expected directories. After upgrading, confirm the vulnerability is resolved by attempting to access a file outside the intended directory via the ARM web interface; access should be denied.
Upgrade SolarWinds Access Rights Manager to version 2024-3 or later. The update fixes the directory traversal vulnerability that allows arbitrary files to be read and deleted. For further information on upgrading, see the release notes.
CVE-2024-23472 is a critical vulnerability allowing authenticated users to read and delete files on a SolarWinds Access Rights Manager server.
You are affected if you are using SolarWinds Access Rights Manager versions 2023.2.4 or earlier.
Upgrade to SolarWinds Access Rights Manager version 2024-3 or later to resolve the vulnerability.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official SolarWinds security advisory for detailed information and remediation steps: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)