Platform: solarwinds
Component: solarwinds-access-rights-manager
Fixed in: 2023.2.5
CVE-2024-23472 describes a critical Directory Traversal vulnerability affecting SolarWinds Access Rights Manager (ARM). This flaw allows an authenticated user to read and delete arbitrary files on the ARM system, potentially leading to significant data breaches and system compromise. The vulnerability impacts versions of ARM up to and including 2023.2.4. A patch is available in version 2024-3.
The Directory Traversal vulnerability in SolarWinds ARM allows an authenticated user to bypass access controls and directly access files on the server's file system. This means an attacker could read sensitive configuration files, database credentials, or even application code. More concerningly, the vulnerability also permits file deletion, which could disrupt critical ARM functionality or even render the system unusable. The potential blast radius is significant, as compromised ARM instances often manage access to other critical systems and data. Successful exploitation could lead to complete system takeover and data exfiltration.
CVE-2024-23472 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. The vulnerability was publicly disclosed on July 17, 2024, and the patch was released around the same time. Given the critical CVSS score and the potential for significant impact, organizations should prioritize patching.
Exploit Status
EPSS: 7.46% (92nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-23472 is to upgrade SolarWinds Access Rights Manager to version 2024-3 or later, which contains the fix. If an immediate upgrade is not possible, consider the following temporary workarounds. Restrict access to the ARM web interface to authorized personnel only. Enforce strict file access controls on the server hosting ARM, limiting the permissions of the ARM service account so that it can only read and write the directories it needs. Monitor ARM logs for suspicious activity, particularly requests that attempt to reach files outside the expected directories. After upgrading, confirm the vulnerability is resolved by attempting to access a file outside the intended directory via the ARM web interface; access should be denied.
Update SolarWinds Access Rights Manager to version 2024-3 or later. The update addresses the directory traversal vulnerability that allows arbitrary file reading and deletion. See the release notes for detailed upgrade instructions.
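The log-monitoring workaround above depends on recognising a traversal attempt, and the patch itself amounts to confining every requested path to its intended directory. The following is an added example (not SolarWinds code, and not ARM's real API, parameter names or log format, all of which are placeholders here) that shows a containment check which decodes double-encoded and backslash-separated input before resolving it, and applies that check to constructed access-log lines:

```python
import re
from pathlib import Path
from typing import List, Optional
from urllib.parse import unquote

def normalize_request_path(raw: str) -> str:
    """Percent-decode repeatedly (bounded, so %252e%252e is caught) and unify
    separators; ARM is a Windows product, so a backslash is a separator too."""
    decoded = raw
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def resolve_within(base_dir: str, requested: str) -> Optional[Path]:
    """Return the absolute target if it stays under base_dir, else None.
    Absolute and drive-letter inputs are rejected outright; '..' segments are
    collapsed by resolve() first, so the containment test runs on the real path."""
    base = Path(base_dir).resolve()
    candidate = normalize_request_path(requested)
    if candidate.startswith("/") or re.match(r"^[A-Za-z]:", candidate):
        return None
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return target

# Constructed sample access-log lines (hypothetical endpoint and parameter).
SAMPLE_LOG = [
    "2024-07-18T10:01:02 user=alice GET /files?path=reports/2024/q2.csv 200",
    "2024-07-18T10:01:09 user=bob GET /files?path=..%2F..%2Fweb.config 200",
    "2024-07-18T10:01:15 user=bob DELETE /files?path=%252e%252e%5C%252e%252e%5Cdb%5Carm.db 200",
    "2024-07-18T10:01:21 user=carol GET /files?path=reports/../reports/q1.csv 200",
]
_PATH_PARAM = re.compile(r"[?&]path=([^\s&]+)")

def flag_traversal(lines: List[str], base_dir: str = "/srv/arm/files") -> List[str]:
    """Return the log lines whose requested path would escape base_dir.
    A '..' that stays inside the base (carol's request) is not flagged."""
    flagged = []
    for line in lines:
        m = _PATH_PARAM.search(line)
        if m and resolve_within(base_dir, m.group(1)) is None:
            flagged.append(line)
    return flagged
```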
CVE-2024-23472 is a critical vulnerability allowing authenticated users to read and delete files on a SolarWinds Access Rights Manager server.
You are affected if you are using SolarWinds Access Rights Manager versions 2023.2.4 or earlier.
Upgrade to SolarWinds Access Rights Manager version 2024-3 or later to resolve the vulnerability.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official SolarWinds security advisory for detailed information and remediation steps: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)