Platform: windows
Component: access-rights-manager
Fixed in: 2023.2.5
CVE-2024-28993 is a directory traversal and information disclosure vulnerability in SolarWinds Access Rights Manager (ARM). It allows an unauthenticated attacker to delete arbitrary files and to read data the application stores on disk. Affected are ARM releases before the fixed version; SolarWinds shipped the fix in ARM 2024.3 (the header above also lists 2023.2.5 as a fixed build).
The risk comes from the combination of no authentication and two primitives. Path traversal lets the attacker name files outside the directories the application is meant to expose, so a single unauthenticated request can delete configuration files, logs or application binaries, or read files that hold sensitive data such as database connection strings. Deleting files the service depends on is a denial of service; reading stored credentials can be the first step to a full compromise of the host, to exfiltration, and to tampering with the access-control data ARM itself manages. Because that data describes who may reach what across the organisation, it is a high-value target in its own right.
CVE-2024-28993 was published on July 17, 2024. There are no reports of active exploitation and the CVE is not in CISA's Known Exploited Vulnerabilities (KEV) catalog, but the flaw is reachable without credentials, so a public exploit would be easy to weaponise once details circulate; treat the absence of exploitation reports as the current state, not a permanent one.
Most exposed are organisations that rely on ARM for access-rights and privilege management and expose the ARM server beyond an administrative network segment. Deployments where the server shares a network with user workstations or other servers are at higher risk, because an attacker who has landed anywhere on that network can reach the vulnerable endpoint without credentials; such servers should be patched first.
Detection and hunting commands (the page's own, corrected so they run):

• windows / supply-chain (PowerShell): list files under the ARM install directory that changed in the last seven days; an unexpected deletion shows up as a missing file, an unexpected write as a recent timestamp. The original filter '\\.' matched every path and was removed.
Get-ChildItem -Path "C:\Program Files\SolarWinds\Access Rights Manager" -Recurse -File -ErrorAction SilentlyContinue |
  Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
  Sort-Object LastWriteTime -Descending |
  Select-Object FullName, LastWriteTime

• windows / supply-chain (PowerShell): Security event 4663 (an attempt was made to access an object) restricted to delete access on objects under the ARM directory. Get-WinEvent has no -Filter parameter; use -FilterHashtable. These events only exist if "Audit File System" is enabled and the directory carries a SACL for Delete.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} -ErrorAction SilentlyContinue |
  Where-Object { $_.Message -match 'Access Rights Manager' -and $_.Message -match 'DELETE' } |
  Select-Object TimeCreated, Message

• generic web: a traversal probe for any HTTP service. The page does not name the vulnerable ARM endpoint, so this only shows the request pattern; on a Windows host substitute a Windows file such as windows\win.ini. --path-as-is is required because curl otherwise squashes the ../ segments before sending the request.
curl -sI --path-as-is "http://<target>/../../etc/passwd"

Exploit status
EPSS: 0.64% (70th percentile)
CISA SSVC
CVSS vector
The fix is to upgrade SolarWinds Access Rights Manager to 2024.3 or later. Until that is possible: restrict network access to the ARM server to the administrative hosts that need it (the flaw needs no credentials, so reachability is the whole attack surface); run the ARM service under an account with only the file-system rights it needs, so a traversal that reaches the service cannot delete files outside its own directories; and watch web and proxy logs for requests whose path climbs above the web root after decoding, including encoded forms such as %2e%2e and %5c. After upgrading, verify the fix by sending the same traversal requests against the patched server and confirming they are rejected, rather than trusting the version string alone.
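The log-monitoring step above, as an added example (not code from SolarWinds, from this advisory, or from the page's own commands): a detector that parses access-log lines, decodes the request path until it is stable (so double encoding such as %252e cannot hide a dot-dot segment), treats backslashes as path separators, and flags any request whose path resolves above the web root. The log format (Combined Log Format), the sample lines, and the client addresses are constructed; the ARM endpoint is not named on this page, so the check is endpoint-agnostic.

```python
"""Flag path-traversal attempts in HTTP access logs.

Added example, not code from SolarWinds or from this advisory. Assumes
Combined Log Format lines (constructed samples below) and treats a request as
suspicious when its path, after repeated percent-decoding and mapping
backslashes to slashes, resolves above the web root.
"""
import re
from urllib.parse import unquote

# Combined Log Format: client - user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines: one benign request, one benign request that
# contains a harmless "..", and three probes using single, double and
# backslash (%5c) encodings. Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jul/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [17/Jul/2024:10:00:02 +0000] "GET /static/../index.html HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [17/Jul/2024:10:00:03 +0000] "GET /..%2f..%2fwindows%2fwin.ini HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.9 - - [17/Jul/2024:10:00:04 +0000] "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.9 - - [17/Jul/2024:10:00:05 +0000] "DELETE /files/..%5c..%5cconfig%5capp.config HTTP/1.1" 403 0 "-" "curl/8.0"
"""


def normalize_path(raw: str) -> str:
    """Percent-decode until the string stops changing (catches %252e double
    encoding), drop the query string, and map backslashes to slashes."""
    decoded = raw
    for _ in range(5):  # bounded so a crafted input cannot loop forever
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.split("?", 1)[0]
    return decoded.replace("\\", "/")


def escapes_root(path: str) -> bool:
    """Walk the segments the way a filesystem resolves them; True if the depth
    ever drops below the root. '/static/../index.html' stays inside."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def scan_log(text: str) -> list[dict]:
    """Return one record per request whose normalised path escapes the root."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        client, when, method, raw_path, status = m.groups()
        path = normalize_path(raw_path)
        if escapes_root(path):
            hits.append({"client": client, "time": when, "method": method,
                         "raw": raw_path, "normalized": path,
                         "status": int(status)})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['time']} {h['client']} {h['method']} {h['raw']}"
              f" -> {h['normalized']} ({h['status']})")
```

A 403 or 404 on a flagged request is still an attempt worth attributing to its source address; a 200 on a path that resolves above the root is the case to escalate, because it means the server handed back a file it should not have. The same normalisation is what a server-side check must do before comparing a user-supplied path against its allowed prefix.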
Update SolarWinds Access Rights Manager to version 2024.3 or later. The update fixes the directory traversal and information disclosure vulnerability. See the release notes for detailed upgrade instructions.
CVE-2024-28993 is a vulnerability that lets unauthenticated attackers delete files and read information from SolarWinds Access Rights Manager in versions before 2024.3.
You are affected if you run a SolarWinds Access Rights Manager release older than the fixed version. Upgrade to 2024.3 to remove the risk.
Upgrade to SolarWinds Access Rights Manager 2024.3 or later. As a temporary workaround, restrict who can reach the server, for example through a WAF or reverse proxy that limits source addresses and rejects traversal sequences in the request path.
No public exploit is known at the time of writing, but because the flaw needs no authentication it would be easy to exploit once details are public. Monitor security advisories.
Refer to the official SolarWinds security advisory for details and patching instructions.