Platform: windows
Component: access-rights-manager
Fixed in: 2023.2.3
CVE-2024-23479 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager (ARM). Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to complete system compromise. This vulnerability impacts versions of ARM up to and including 2023.2.2. A patch is available in version 2023.2.2.
The impact of CVE-2024-23479 is severe due to its unauthenticated nature and the potential for Remote Code Execution. An attacker could leverage this vulnerability to gain initial access to a network, escalate privileges, and move laterally to other systems. The attacker could then steal sensitive data, install malware, or disrupt critical business operations. Given SolarWinds ARM's role in access management, a successful exploit could grant an attacker control over privileged accounts and access to highly sensitive resources. This vulnerability shares similarities with other directory traversal exploits where attackers leverage predictable file paths to bypass security controls.
CVE-2024-23479 was publicly disclosed on February 15, 2024. The vulnerability's ease of exploitation and the critical nature of the affected product suggest a medium probability of exploitation (EPSS score likely medium). No public proof-of-concept (PoC) code has been widely released as of this writing, but the vulnerability's simplicity makes it likely that PoCs will emerge. Monitor CISA advisories and security news sources for updates.
Exploit Status
EPSS: 1.30% (80th percentile)
CVSS Vector
The primary mitigation for CVE-2024-23479 is to immediately upgrade SolarWinds Access Rights Manager to version 2023.2.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the ARM server and implementing strict firewall rules to limit inbound connections. Monitor ARM logs for suspicious activity, particularly attempts to access unusual file paths. Implement a Web Application Firewall (WAF) with rules to block directory traversal attempts. After upgrading, confirm the fix by attempting to trigger the vulnerability using a known exploit pattern and verifying that the attempt is blocked.
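Two of the actions above, checking whether an installed version falls in the affected range and reviewing request logs for directory traversal attempts, can be scripted. The following is an added example written for this record, not code from SolarWinds or from the advisory; it assumes a simple whitespace-separated log format (timestamp, client, method, path, status) and uses constructed log lines, because the record does not describe ARM's actual log layout. The traversal check decodes URL encoding twice so that single- and double-encoded dot segments are caught, and it treats backslashes as separators since the platform is Windows.

```python
"""Added example (not part of the vulnerability record): defensive helpers for
the version check and the log review recommended in the mitigation text.
Log format and log lines below are constructed for illustration only."""
import re
from urllib.parse import unquote

# Highest affected version, as stated in the record ("up to and including 2023.2.2").
LAST_AFFECTED = (2023, 2, 2)


def parse_version(text: str) -> tuple:
    """Turn a string like '2023.2.2' into (2023, 2, 2); missing parts become 0."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(text: str) -> bool:
    """True when the installed ARM version is at or below the last affected version."""
    return parse_version(text) <= LAST_AFFECTED


def normalize_path(raw: str) -> str:
    """Percent-decode twice (defeats double encoding such as %252e) and unify separators."""
    decoded = raw
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.replace("\\", "/")


def has_traversal(raw_path: str) -> bool:
    """Flag a request path that contains a '..' segment after normalization."""
    segments = normalize_path(raw_path).split("/")
    return ".." in segments


# Assumed (constructed) log layout: <timestamp> <client> <METHOD> <path> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines: one plain traversal, one single-encoded,
# one double-encoded, and a benign filename containing '..' that must not match.
SAMPLE_LOG = """\
2024-02-16T10:00:01Z 10.0.0.5 GET /api/health 200
2024-02-16T10:00:07Z 10.0.0.9 GET /files/../../../config.xml 200
2024-02-16T10:00:09Z 10.0.0.9 GET /files/%2e%2e/%2e%2e/secrets.txt 404
2024-02-16T10:00:12Z 10.0.0.9 GET /files/%252e%252e/etc/passwd 403
2024-02-16T10:00:15Z 10.0.0.5 GET /reports/2024..pdf 200
"""


def scan_log_lines(lines):
    """Return (line_no, client, path) for every parsable line whose path shows traversal.

    Lines that do not match LOG_RE are skipped rather than treated as hits."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if m and has_traversal(m.group("path")):
            hits.append((line_no, m.group("client"), m.group("path")))
    return hits


if __name__ == "__main__":
    for v in ("2023.2.1", "2023.2.2", "2023.2.3"):
        print(v, "affected" if is_affected_version(v) else "not affected")
    for line_no, client, path in scan_log_lines(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: traversal attempt from {client}: {path}")
```

Hits from the scan can be grouped by client to decide which sources the firewall rules mentioned above should cut off first; note that a 403 or 404 status still counts as an attempt worth recording, since blocked probes often precede a successful one.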
Update SolarWinds Access Rights Manager to the latest version available from the vendor. Refer to the SolarWinds security advisory for specific instructions on updating and patched versions. Apply the mitigations recommended by SolarWinds if an immediate update is not possible.
CVE-2024-23479 is a critical Remote Code Execution vulnerability in SolarWinds Access Rights Manager allowing unauthenticated attackers to execute code. It affects versions up to 2023.2.2 and requires immediate attention.
You are affected if you are running SolarWinds Access Rights Manager version 2023.2.2 or earlier. Check your installed version and upgrade immediately.
Upgrade to SolarWinds Access Rights Manager version 2023.2.2 or later. If immediate upgrade isn't possible, implement temporary workarounds like restricting network access and WAF rules.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high likelihood of exploitation. Monitor security advisories and implement mitigations proactively.
Refer to the official SolarWinds security advisory for detailed information and instructions: [https://www.solarwinds.com/securityadvisories/swa-20240215-01](https://www.solarwinds.com/securityadvisories/swa-20240215-01)