Platform
solarwinds
Component
access-rights-manager
Fixed in
2023.2.5
CVE-2024-23475 represents a critical Directory Traversal and Information Disclosure vulnerability affecting SolarWinds Access Rights Manager. This flaw allows unauthenticated users to perform arbitrary file deletion and leak sensitive information, potentially leading to significant data breaches and system compromise. The vulnerability impacts versions of SolarWinds Access Rights Manager up to and including 2023.2.4. A patch is available in version 2024-3.
The impact of CVE-2024-23475 is severe due to its unauthenticated nature and the potential for arbitrary file deletion and information disclosure. An attacker could leverage this vulnerability to delete critical configuration files, database backups, or other sensitive data stored on the system. Successful exploitation could also lead to the exposure of credentials, personally identifiable information (PII), or proprietary business data. The ability to delete files could disrupt services and render the Access Rights Manager unusable, causing significant operational downtime. The lack of authentication required for exploitation dramatically increases the attack surface and potential for widespread compromise.
CVE-2024-23475 was publicly disclosed on July 17, 2024. Its CRITICAL CVSS score (9.6) indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been widely released at the time of writing, the ease of exploitation inherent in directory traversal vulnerabilities suggests that a PoC is likely to emerge. The vulnerability has been added to the CISA KEV catalog, signifying a heightened level of concern and potential for exploitation in critical infrastructure environments.
Organizations heavily reliant on SolarWinds Access Rights Manager for access control and privilege management are particularly at risk. Environments with limited network segmentation or inadequate access controls are also more vulnerable. Shared hosting environments where multiple customers share the same server infrastructure could experience widespread compromise if one customer's Access Rights Manager instance is exploited.
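• windows / server:
# Event ID 4663 = an attempt was made to access an object (requires object access auditing)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } | Where-Object { $_.Message -like '*\*' }
Get-Process -Name 'swarrm' | Select-Object -ExpandProperty Path
• windows / server:
Get-ScheduledTask | Where-Object { $_.TaskName -like '*swarrm*' } | Select-Object -ExpandProperty Actions
• generic web:
# --path-as-is stops curl from collapsing the ../ segments before sending, which would otherwise hide the result
curl -I --path-as-is 'http://<target>/../../../../etc/passwd' # Check for directory traversal response
disclosure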
patch
Exploit Status
EPSS
0.24% (percentile 48%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-23475 is to upgrade SolarWinds Access Rights Manager to version 2024-3 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing temporary workarounds. Restrict network access to the Access Rights Manager server to only authorized personnel. Implement strict file permissions to limit the impact of potential file deletion. Monitor system logs for suspicious activity, particularly attempts to access or modify files outside of expected directories. Consider using a Web Application Firewall (WAF) to filter out malicious requests attempting to exploit directory traversal vulnerabilities. After upgrading, confirm the vulnerability is resolved by attempting a directory traversal request and verifying that access is denied.
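One way to implement the log monitoring described above, as an added example that is not SolarWinds code or part of the original page: it flags event 4663 records in which the service process was granted DELETE access to a file outside an allow-listed set of directories. The `C:\ARM-PLACEHOLDER` paths, the allow list and the sample records are constructed assumptions, and live use assumes file-system auditing (a SACL) is enabled on the volumes of interest.

```powershell
# Added example. Roots, paths and sample records are constructed placeholders.
$AllowedRoots = @('C:\ARM-PLACEHOLDER\data', 'C:\ARM-PLACEHOLDER\logs')  # assumed writable dirs
$ServiceImage = 'swarrm'   # process name taken from the page's Get-Process check
$DELETE       = 0x10000    # DELETE bit of the 4663 AccessMask field

function ConvertFrom-Event4663 {
    # Flatten a live Security-log event into the record shape used below.
    param([Parameter(ValueFromPipeline)] $LogEvent)
    process {
        $data = @{}
        ([xml]$LogEvent.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            TimeCreated = $LogEvent.TimeCreated
            ProcessName = $data['ProcessName']
            ObjectName  = $data['ObjectName']
            AccessMask  = $data['AccessMask']
        }
    }
}

function Find-OutOfTreeDelete {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        # Only look at the service process, and only at DELETE access.
        if ((Split-Path $Record.ProcessName -Leaf) -notlike "$ServiceImage*") { return }
        if (-not ([Convert]::ToInt32($Record.AccessMask, 16) -band $DELETE)) { return }
        # Collapse any ..\ segments before testing containment.
        $full = [IO.Path]::GetFullPath($Record.ObjectName)
        $inTree = $AllowedRoots | Where-Object {
            $full.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
        }
        if (-not $inTree) {
            $Record | Add-Member -NotePropertyName ResolvedPath -NotePropertyValue $full -PassThru
        }
    }
}

# Constructed sample records (not real telemetry): in-tree delete, out-of-tree delete, read.
$exe = 'C:\ARM-PLACEHOLDER\swarrm.exe'
$sample = @(
    [pscustomobject]@{ ProcessName = $exe; ObjectName = 'C:\ARM-PLACEHOLDER\data\tmp\scan.tmp'; AccessMask = '0x10000' }
    [pscustomobject]@{ ProcessName = $exe; ObjectName = 'C:\ARM-PLACEHOLDER\data\..\..\Windows\Temp\x.cfg'; AccessMask = '0x10000' }
    [pscustomobject]@{ ProcessName = $exe; ObjectName = 'C:\Windows\win.ini'; AccessMask = '0x1' }
)
$sample | Find-OutOfTreeDelete | Format-List ObjectName, ResolvedPath

# Live use:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } | ConvertFrom-Event4663 | Find-OutOfTreeDelete
```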
Update SolarWinds Access Rights Manager to version 2024-3 or later. The update fixes the directory traversal and information disclosure vulnerability. See the release notes for detailed update instructions.
CVE-2024-23475 is a critical vulnerability allowing unauthenticated attackers to delete files and leak sensitive information in SolarWinds Access Rights Manager versions up to 2023.2.4.
You are affected if you are running SolarWinds Access Rights Manager versions 2023.2.4 or earlier. Upgrade to 2024-3 or later to mitigate the risk.
Upgrade SolarWinds Access Rights Manager to version 2024-3 or later. Implement temporary workarounds like restricting network access and monitoring logs if an immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of active exploitation.
Refer to the official SolarWinds security advisory for detailed information and remediation steps: https://www.solarwinds.com/securityadvisories