Platform
solarwinds
Component
access-rights-manager
Fixed in
2023.2.5
CVE-2024-23474 is a directory traversal vulnerability in SolarWinds Access Rights Manager. It allows unauthorized users to delete arbitrary files and expose sensitive information on the host. The vulnerability affects versions up to and including 2023.2.4, and a patch is available in version 2024.3.
Successful exploitation of CVE-2024-23474 could allow an attacker to gain unauthorized access to sensitive files on the system hosting SolarWinds Access Rights Manager. This could include configuration files, user credentials, or other proprietary data. The ability to delete arbitrary files presents a significant risk of data loss and system instability. Depending on the permissions of the account used to exploit the vulnerability, the attacker could potentially escalate their privileges and gain control of the entire system. While no specific real-world exploitation has been publicly reported, the potential for significant impact warrants immediate attention.
CVE-2024-23474 was publicly disclosed on July 17, 2024. The vulnerability is not currently listed on the CISA KEV catalog. No public proof-of-concept exploits have been published at the time of writing, but the ease of exploitation inherent in directory traversal vulnerabilities suggests a potential for rapid exploitation if left unpatched. The vulnerability's impact, combined with the potential for widespread deployment of SolarWinds Access Rights Manager, makes it a high-priority concern.
Organizations heavily reliant on SolarWinds Access Rights Manager for access control and privilege management are particularly at risk. Environments with legacy configurations or those using shared hosting models where file system access is less controlled are also more vulnerable. Any deployment utilizing older, unpatched versions of Access Rights Manager (≤2023.2.4) is directly exposed to this vulnerability.
• windows / supply-chain: `Get-ChildItem -Path "C:\Program Files\SolarWinds\Access Rights Manager\*" -Recurse | Where-Object {$_.FullName -match '\\'} | Select-Object FullName`
• windows / supply-chain: `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} -MaxEvents 100 | Where-Object { $_.Message -match 'SolarWinds\\Access Rights Manager' } | Select-Object TimeCreated, Message` (Get-WinEvent has no -Filter parameter; -FilterHashtable selects the object-access audit events, and the match is done on the event message)
• generic web: `curl -I http://<target>/../../../../etc/passwd`
• generic web: `grep "Access Rights Manager" /var/log/apache2/access.log`
disclosure
Exploit status
EPSS
0.06% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-23474 is to upgrade SolarWinds Access Rights Manager to version 2024.3 or later. If immediate upgrading is not possible, consider implementing temporary workarounds. Restrict access to the Access Rights Manager web interface to trusted users only. Review and harden file system permissions to limit the impact of potential file deletion. Monitor system logs for suspicious activity, particularly attempts to access or modify files outside of the expected directories. After upgrading, confirm the vulnerability is resolved by attempting to access a file outside the intended directory and verifying that access is denied.
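As an added example, not code from the page or from SolarWinds, the log-monitoring step above can be automated: the Python below scans web-server access lines for requests whose path or query carries a `..` segment after URL decoding, including double-encoded and backslash forms. The log lines, client addresses and `/ARM/api/files` endpoint are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jul/2024:10:01:02 +0000] "GET /ARM/api/files?name=report.pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Jul/2024:10:01:07 +0000] "GET /ARM/api/files?name=../../../../windows/win.ini HTTP/1.1" 200 300 "-" "curl/8.0"
10.0.0.9 - - [17/Jul/2024:10:01:09 +0000] "GET /ARM/api/files?name=..%2f..%2f..%2fweb.config HTTP/1.1" 403 0 "-" "curl/8.0"
10.0.0.9 - - [17/Jul/2024:10:01:12 +0000] "DELETE /ARM/api/files?name=%252e%252e%5cconfig%5capp.xml HTTP/1.1" 404 0 "-" "python-requests/2.31"
10.0.0.7 - - [17/Jul/2024:10:02:00 +0000] "GET /ARM/static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client address, HTTP method and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

def normalize_path(raw, rounds=3):
    """Undo up to `rounds` layers of URL encoding and fold backslashes to '/'."""
    decoded = raw
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def is_traversal(target):
    """True if any segment of the path or query is '..' after normalization."""
    norm = normalize_path(target)
    return any(part == ".." for part in re.split(r"[/?&=;]", norm))

def find_traversal_attempts(log_text):
    """Return (client, method, raw_target) for every request with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, target = m.groups()
        if is_traversal(target):
            hits.append((client, method, target))
    return hits
```

Point it at the web-server logs of the host running Access Rights Manager; a DELETE or GET whose decoded target escapes the expected directory is the pattern this advisory tells you to watch for.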
Upgrade SolarWinds Access Rights Manager to version 2024.3 or later. This update fixes the arbitrary file deletion and information disclosure vulnerability.
CVE-2024-23474 is a Directory Traversal vulnerability affecting SolarWinds Access Rights Manager versions up to 2023.2.4, allowing attackers to potentially delete files and disclose information.
You are affected if you are using SolarWinds Access Rights Manager versions 2023.2.4 or earlier. Upgrade to 2024.3 to mitigate the risk.
The recommended fix is to upgrade to SolarWinds Access Rights Manager version 2024.3 or later. Implement WAF rules as a temporary workaround.
While no public exploits are currently available, the nature of the vulnerability suggests a medium probability of exploitation.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)