Platform: windows
Component: access-rights-manager
Fixed in: 2023.2.3
CVE-2024-23477 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager (ARM). The flaw allows an unauthenticated attacker to use a directory traversal weakness to execute arbitrary code on the affected system. Versions of ARM prior to 2023.2.2 are vulnerable; SolarWinds released the fix in version 2023.2.2.
Successful exploitation of CVE-2024-23477 grants an attacker complete control over the system running SolarWinds Access Rights Manager. This includes the ability to install malware, steal sensitive data, and potentially pivot to other systems within the network. Given ARM's role in managing access rights, a compromised system could lead to widespread privilege escalation and data breaches. The unauthenticated nature of the exploit significantly lowers the barrier to entry for attackers, increasing the potential for widespread exploitation. This vulnerability shares similarities with other directory traversal exploits where attackers can bypass security controls to access unauthorized files and execute commands.
CVE-2024-23477 was publicly disclosed on February 15, 2024. The vulnerability's ease of exploitation and the critical nature of SolarWinds products suggest a high probability of exploitation. While no confirmed active exploitation campaigns have been publicly reported as of this writing, the vulnerability is likely being actively scanned and targeted. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 1.41% (80th percentile)
The primary mitigation for CVE-2024-23477 is to immediately upgrade SolarWinds Access Rights Manager to version 2023.2.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to the ARM server and implementing strict input validation on any user-supplied data. Monitor system logs for suspicious activity, particularly attempts to access files outside of the expected directories. Consider using a Web Application Firewall (WAF) to filter out malicious requests attempting to exploit directory traversal vulnerabilities. After upgrading, verify the fix by attempting to access files outside the intended directory and confirming access is denied.
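To support the log monitoring recommended above, here is an added example (not from the advisory or from SolarWinds) that flags request paths in web-server access logs that look like directory traversal, including URL-encoded, double-encoded and backslash variants. The log format, hosts and paths are constructed for illustration; the real ARM endpoints are not assumed.

```python
import re
from urllib.parse import unquote

# A ".." segment bounded by a slash, the start of the path, or a parameter
# delimiter, so "report..pdf" is not flagged but "name=..\..\x" is.
TRAVERSAL = re.compile(r"(?:^|[/=?&;])\.\.(?:/|$)")

# Common Log Format request part: "METHOD path HTTP/x.y" status
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalize(path: str) -> str:
    """Undo up to two layers of URL-encoding and unify backslashes to '/'
    so that %2e%2e%2f, %252e%252e%252f and ..%5c all read as '../'."""
    decoded = path
    for _ in range(2):
        new = unquote(decoded)
        if new == decoded:
            break
        decoded = new
    return decoded.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if the normalized path contains a traversal segment."""
    return TRAVERSAL.search(normalize(path)) is not None


def flag_traversal(lines):
    """Return (line_no, normalized_path, status) for each suspicious request.
    A 200 status on a flagged line deserves the most urgent follow-up."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.search(line)
        if m and is_traversal(m.group("path")):
            hits.append((n, normalize(m.group("path")), m.group("status")))
    return hits


# Constructed sample access-log lines; addresses and paths are made up.
SAMPLE = [
    '10.0.0.5 - - [15/Feb/2024:10:01:02 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [15/Feb/2024:10:01:05 +0000] "GET /app/../../windows/win.ini HTTP/1.1" 403 0',
    '10.0.0.7 - - [15/Feb/2024:10:01:06 +0000] "GET /app/%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 200 2048',
    '10.0.0.9 - - [15/Feb/2024:10:01:09 +0000] "POST /app/upload?name=..%5c..%5cx.txt HTTP/1.1" 200 10',
    '10.0.0.5 - - [15/Feb/2024:10:01:10 +0000] "GET /app/files/report..pdf HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for n, path, status in flag_traversal(SAMPLE):
        print(f"line {n}: status {status} path {path}")
```

Point it at real access logs by replacing SAMPLE with the file's lines; tune TRAVERSAL if the application legitimately uses dotted parameter values.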
Update SolarWinds Access Rights Manager to the latest version available from the vendor. Refer to the SolarWinds security advisory for specific instructions on updating and mitigating the vulnerability.
CVE-2024-23477 is a Remote Code Execution vulnerability in SolarWinds Access Rights Manager allowing unauthenticated attackers to execute code. It has a CVSS score of 7.9 (HIGH).
You are affected if you are running SolarWinds Access Rights Manager versions prior to 2023.2.2. Check your version and upgrade immediately.
Upgrade to SolarWinds Access Rights Manager version 2023.2.2 or later. Implement temporary workarounds if immediate upgrade is not possible.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's ease of exploitation suggests a high probability of exploitation.
Refer to the official SolarWinds security advisory for detailed information and remediation steps: [https://www.solarwinds.com/securityadvisories/swa-20240215-01](https://www.solarwinds.com/securityadvisories/swa-20240215-01)