Platform
windows
Component
access-rights-manager
Fixed in
2023.2.3
CVE-2024-23477 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager (ARM). This flaw allows an unauthenticated attacker to leverage a directory traversal vulnerability to execute arbitrary code on the affected system. Versions of ARM prior to 2023.2.2 are vulnerable, and SolarWinds has released a patch in version 2023.2.2.
Successful exploitation of CVE-2024-23477 grants an attacker complete control over the affected system. An unauthenticated user can leverage the directory traversal vulnerability to read and potentially write files outside of the intended directory, leading to arbitrary code execution. This could involve installing malware, stealing sensitive data, or pivoting to other systems on the network. The blast radius extends to any data accessible by the ARM process, potentially including credentials, configuration files, and audit logs. Because no authentication is required, the vulnerability is reachable without any prior access or credentials, which makes it particularly concerning.
CVE-2024-23477 was publicly disclosed on February 15, 2024. The vulnerability's ease of exploitation and lack of authentication requirements suggest a potentially high probability of exploitation. No KEV listing or public proof-of-concept (POC) is currently available, but the severity and accessibility of the vulnerability warrant close monitoring. Refer to the SolarWinds advisory for further details.
Organizations utilizing SolarWinds Access Rights Manager to manage user access and permissions are at significant risk. This includes those with legacy deployments of older ARM versions and those who have not implemented robust network segmentation or access controls. Shared hosting environments where multiple tenants share the same server are also particularly vulnerable.
• windows / supply-chain:
Get-Process -Name "AccessRightsManager" -ErrorAction SilentlyContinue | Select-Object ProcessId, CommandLine
• windows / supply-chain:
# Event ID 4688 (process creation) is written to the Security log and requires process-creation auditing to be enabled.
# Get-WinEvent has no -Filter parameter; filter the log with -FilterHashtable and match the message text afterwards.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | Where-Object { $_.Message -like '*AccessRightsManager*' } | Select-Object TimeCreated, Message
• windows / supply-chain: Check Autoruns for unusual entries related to Access Rights Manager or suspicious file paths.
Exploit status
EPSS
1.41% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-23477 is to upgrade SolarWinds Access Rights Manager to version 2023.2.2 or later. If immediate upgrading is not possible, consider implementing strict access controls to limit network access to the ARM server. Review and restrict file permissions within the ARM installation directory to minimize the potential impact of a successful exploit. Monitor system logs for unusual activity, particularly attempts to access files outside of the expected ARM directories. While a WAF might offer limited protection, it's not a substitute for patching.
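The version check described above, as an added PowerShell example that is not part of this page or of SolarWinds' own tooling. It assumes ARM registers a standard Windows Uninstall entry whose DisplayName contains "Access Rights Manager" and uses the patched version stated in the mitigation text; both should be confirmed against the vendor advisory.

```powershell
# Added example: report whether each installed Access Rights Manager build is
# below the patched version, and list running ARM processes for follow-up.
# Assumptions: ARM has an Uninstall entry with "Access Rights Manager" in its
# DisplayName (assumed pattern); process name is the page's own guess.
param(
    # Patched version as stated in the mitigation text; confirm with the advisory.
    [version]$PatchedVersion = [version]'2023.2.2'
)

# Both 64-bit and 32-bit uninstall hives; missing paths are ignored.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$armEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Access Rights Manager*' }

if (-not $armEntries) {
    Write-Output 'No Access Rights Manager installation found in the Uninstall registry keys.'
}

foreach ($entry in $armEntries) {
    # DisplayVersion is a string; cast to [version] so 2023.2.10 sorts after 2023.2.9
    # instead of being compared character by character.
    $installed = $null
    if (-not [version]::TryParse($entry.DisplayVersion, [ref]$installed)) {
        Write-Warning "$($entry.DisplayName): cannot parse DisplayVersion '$($entry.DisplayVersion)'"
        continue
    }
    $status = if ($installed -lt $PatchedVersion) { 'VULNERABLE (below patched version)' } else { 'patched' }
    [pscustomobject]@{
        Product   = $entry.DisplayName
        Installed = $installed
        Patched   = $PatchedVersion
        Status    = $status
    }
}

# Running ARM processes (assumed process name, as in the detection hints above),
# useful when deciding how to restrict network access to the host until upgraded.
Get-Process -Name 'AccessRightsManager' -ErrorAction SilentlyContinue |
    Select-Object ProcessId, StartTime, Path
```

Run it in an elevated session on the ARM host; a 'VULNERABLE' row means the upgrade from the mitigation text is still outstanding.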
Update SolarWinds Access Rights Manager to the latest version provided by the vendor. Consult the SolarWinds security advisory for specific instructions on upgrading and mitigating the vulnerability.
CVE-2024-23477 is a Remote Code Execution vulnerability in SolarWinds Access Rights Manager allowing unauthenticated attackers to execute code. It has a CVSS score of 7.9 (HIGH).
You are affected if you are running SolarWinds Access Rights Manager versions prior to 2023.2.2. Check your version and upgrade immediately.
Upgrade to SolarWinds Access Rights Manager version 2023.2.2 or later. Implement temporary workarounds if immediate upgrade is not possible.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation suggests a high probability of exploitation.
Refer to the official SolarWinds security advisory for detailed information and remediation steps: [https://www.solarwinds.com/securityadvisories/swa-20240215-01](https://www.solarwinds.com/securityadvisories/swa-20240215-01)