Platform: solarwinds
Component: access-rights-manager
Fixed in: 2023.2.5
CVE-2024-23467 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager. This critical flaw allows an unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions of SolarWinds Access Rights Manager up to and including 2023.2.4, and a patch is available in version 2024.3.
The impact of CVE-2024-23467 is severe due to the ease of exploitation and the potential for complete system takeover. An unauthenticated attacker can leverage this vulnerability to execute arbitrary code without needing any credentials. This could involve installing malware, stealing sensitive data, modifying system configurations, or establishing a persistent foothold within the network. The lack of authentication requirements significantly broadens the attack surface, making virtually any system running the vulnerable version of Access Rights Manager a potential target. Successful exploitation could lead to data breaches, denial of service, and lateral movement within the network, potentially affecting other systems and data stores. Given SolarWinds' prominence and the criticality of Access Rights Manager, this vulnerability represents a significant risk.
CVE-2024-23467 was publicly disclosed on July 17, 2024. The vulnerability's ease of exploitation and the critical nature of the affected product suggest a high probability of exploitation. While no active campaigns have been publicly confirmed as of this writing, the lack of authentication requirements makes it a prime target for opportunistic attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 3.39% (87th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-23467 is to upgrade SolarWinds Access Rights Manager to version 2024.3 or later, which contains the fix. If an immediate upgrade is not feasible, implement temporary workarounds. A WAF rule alone is unlikely to be effective against this class of vulnerability, but strict network segmentation and access control policies can limit the blast radius of a compromised instance. Monitor Access Rights Manager logs for unusual activity, particularly requests that reference files outside the designated directory structure. After upgrading, confirm the vulnerability is resolved by attempting to trigger the directory traversal path and verifying that access is denied.
Update SolarWinds Access Rights Manager to version 2024.3 or later. The update addresses the directory traversal and remote code execution vulnerability. See the release notes for detailed upgrade instructions.
CVE-2024-23467 is a critical Remote Code Execution vulnerability in SolarWinds Access Rights Manager versions up to 2023.2.4, allowing unauthenticated attackers to execute code.
You are affected if you are running SolarWinds Access Rights Manager versions 2023.2.4 or earlier. Check your version against the affected range.
Upgrade to SolarWinds Access Rights Manager version 2024.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like network segmentation.
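As an added, defender-side example (not from the advisory and not SolarWinds code), the following Python script combines the two checks the advisory recommends: comparing an installed version string against the affected range stated above (up to and including 2023.2.4) and scanning request logs for paths that reference files outside the designated directory. The log format, the designated root `/arm/`, and the sample log lines are constructed assumptions; the advisory does not describe Access Rights Manager's log layout.

```python
import posixpath
import re
from urllib.parse import unquote

# Affected range stated by the advisory: versions up to and including 2023.2.4.
LAST_AFFECTED = (2023, 2, 4)

# Constructed assumption for this example: the base path under which files are served.
DESIGNATED_ROOT = "/arm/"


def parse_version(text):
    """Turn '2023.2.4' into (2023, 2, 4). Anything after the numeric part is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version_text):
    """True if the installed version falls inside the advisory's affected range.
    Short strings are padded, so '2023.2' compares like '2023.2.0'; build
    components beyond the third are ignored."""
    v = (parse_version(version_text) + (0, 0, 0))[:3]
    return v <= LAST_AFFECTED


# A dot-dot segment followed by either separator, checked after URL-decoding.
DOT_DOT = re.compile(r"\.\.(?:/|\\)")


def decode_path(raw):
    """Undo up to two layers of URL-encoding so %2e%2e%2f and %252e%252e forms are seen."""
    path = raw
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(path, root=DESIGNATED_ROOT):
    """True if the normalised path resolves outside the designated directory."""
    normalised = posixpath.normpath(path.replace("\\", "/"))
    return not (normalised + "/").startswith(root)


def flag_traversal(lines):
    """Return (line_no, decoded_path, reason) for each suspicious log line.
    Log format is a constructed assumption: '<timestamp> <client_ip> <method> <path> <status>'."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of crashing on them
        path = decode_path(fields[3])
        if DOT_DOT.search(path):
            hits.append((number, path, "dot-dot segment"))
        elif escapes_root(path):
            hits.append((number, path, "resolves outside designated root"))
    return hits


# Constructed sample lines; these are not real Access Rights Manager logs.
SAMPLE_LOG = [
    "2024-07-18T10:00:01Z 10.0.0.5 GET /arm/reports/summary.pdf 200",
    "2024-07-18T10:00:07Z 10.0.0.9 GET /arm/reports/../../other/file.txt 404",
    "2024-07-18T10:00:09Z 10.0.0.9 GET /arm/reports/%2e%2e%2f%2e%2e%2fother 403",
    "2024-07-18T10:00:12Z 10.0.0.5 GET /arm/reports/q2..final.pdf 200",
    "2024-07-18T10:00:15Z 10.0.0.7 GET /other/unrelated 200",
]

if __name__ == "__main__":
    for v in ("2023.2.4", "2023.2.5", "2024.3"):
        print(v, "affected" if is_affected(v) else "not affected")
    for hit in flag_traversal(SAMPLE_LOG):
        print(hit)
```

The fourth sample line contains `..` inside a filename but no separator after it, so it is deliberately not flagged; the fifth has no dot-dot sequence at all but still resolves outside the designated root, which is why the normalisation check is kept alongside the pattern match.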
While no active campaigns have been publicly confirmed, the ease of exploitation suggests a high probability of exploitation. Monitor security advisories.
Refer to the official SolarWinds security advisory for detailed information and mitigation steps: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)