Platform
solarwinds
Component
access-rights-manager
Fixed version
2023.2.5
CVE-2024-23467 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager. This critical flaw allows an unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions of SolarWinds Access Rights Manager up to and including 2023.2.4, and a patch is available in version 2024.3.
The impact of CVE-2024-23467 is severe due to the ease of exploitation and the potential for complete system takeover. An unauthenticated attacker can leverage this vulnerability to execute arbitrary code without needing any credentials. This could involve installing malware, stealing sensitive data, modifying system configurations, or establishing a persistent foothold within the network. The lack of authentication requirements significantly broadens the attack surface, making virtually any system running the vulnerable version of Access Rights Manager a potential target. Successful exploitation could lead to data breaches, denial of service, and lateral movement within the network, potentially affecting other systems and data stores. Given SolarWinds' prominence and the criticality of Access Rights Manager, this vulnerability represents a significant risk.
CVE-2024-23467 was publicly disclosed on July 17, 2024. The vulnerability's ease of exploitation and the critical nature of the affected product suggest a high probability of exploitation. While no active campaigns have been publicly confirmed as of this writing, the lack of authentication requirements makes it a prime target for opportunistic attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation. This vulnerability is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on SolarWinds Access Rights Manager for access control and privilege management are at significant risk. Specifically, deployments with weak network segmentation or legacy configurations that lack robust access controls are particularly vulnerable. Shared hosting environments where multiple tenants share the same server instance are also at increased risk, as a compromise of one tenant could potentially lead to the compromise of others.
• windows / supply-chain: list running Access Rights Manager processes with their command lines (Get-CimInstance exposes CommandLine on every PowerShell version, whereas Get-Process only does so on PowerShell 7+):
Get-CimInstance Win32_Process -Filter "Name LIKE 'AccessRightsManager%'" | Select-Object ProcessId, CommandLine
• windows / supply-chain: pull recent Application log events with ID 1001 that mention Access Rights Manager (Get-WinEvent takes -FilterHashtable, not -Filter):
Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1001} -MaxEvents 10 | Where-Object { $_.Message -match 'AccessRightsManager' } | Select-Object TimeCreated, ProviderName, Message
• windows / supply-chain: Check Autoruns for unusual entries related to Access Rights Manager.
• linux / server: Monitor system logs (journalctl) for unusual file access patterns or process executions related to Access Rights Manager (if running in a Linux environment).
• generic web: Inspect Access Rights Manager web server logs for attempts to access files outside of the designated directory structure.
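The last detection item above, checking web server logs for requests that reach outside the designated directory, as an added example that is not part of the original page or of SolarWinds' tooling. It parses constructed Common Log Format lines, percent-decodes repeatedly so double-encoded traversal sequences are exposed, normalizes the path and every query value against the application root, and reports requests that resolve outside it. The root path /ARM, the log format and the sample lines are assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed sample web server log lines (Common Log Format); not real ARM logs.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jul/2024:10:01:02 +0000] "GET /ARM/index.html HTTP/1.1" 200 512
10.0.0.7 - - [17/Jul/2024:10:01:09 +0000] "GET /ARM/static/../../web.config HTTP/1.1" 200 1024
10.0.0.9 - - [17/Jul/2024:10:02:11 +0000] "GET /ARM/%2e%2e/%2e%2e/windows/win.ini HTTP/1.1" 404 0
10.0.0.9 - - [17/Jul/2024:10:02:15 +0000] "GET /ARM/files?name=..%252f..%252fsecret HTTP/1.1" 200 88
10.0.0.5 - - [17/Jul/2024:10:03:00 +0000] "GET /ARM/app/../app/logo.png HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(s, rounds=3):
    """Percent-decode until stable so double-encoded dots (%252e) are exposed."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def escapes_root(target, root="/ARM"):
    """True if the path, or any query value, resolves outside root after decoding
    and normalization. Query values are resolved relative to root, as a
    file-name parameter would be (assumed application root: /ARM)."""
    parts = urlsplit(target)
    candidates = [parts.path] + [kv.split("=", 1)[-1] for kv in parts.query.split("&") if kv]
    for raw in candidates:
        decoded = fully_decode(raw).replace("\\", "/")  # treat backslash as a separator too
        resolved = normpath(decoded if decoded.startswith("/") else root + "/" + decoded)
        if resolved != root and not resolved.startswith(root + "/"):
            return True
    return False

def scan_log(text, root="/ARM"):
    """Return (ip, status, target) for every request that escapes root; a 200 on a
    hit means the server served something and should be triaged first."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_root(m["target"], root):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

if __name__ == "__main__":
    for ip, status, target in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

The `/ARM/app/../app/logo.png` line is deliberately not reported: normalization keeps it inside the root, which a naive search for `..` would miss.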
disclosure
patch
Exploitation status
EPSS
3.39% (87th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-23467 is to upgrade SolarWinds Access Rights Manager to version 2024.3 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds. While a direct WAF rule is unlikely to be effective against this type of vulnerability, strict network segmentation and access control policies can limit the potential blast radius. Monitor Access Rights Manager logs for unusual activity, particularly attempts to access files outside of the designated directory structure. After upgrading, confirm the vulnerability is resolved by attempting to trigger the directory traversal path and verifying that access is denied.
Update SolarWinds Access Rights Manager to version 2024.3 or later. This update fixes the directory traversal and remote code execution vulnerabilities. See the release notes for detailed update instructions.
CVE-2024-23467 is a critical Remote Code Execution vulnerability in SolarWinds Access Rights Manager versions up to 2023.2.4, allowing unauthenticated attackers to execute code.
You are affected if you are running SolarWinds Access Rights Manager versions 2023.2.4 or earlier. Check your version against the affected range.
Upgrade to SolarWinds Access Rights Manager version 2024.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like network segmentation.
While no active campaigns have been publicly confirmed, the ease of exploitation suggests a high probability of exploitation. Monitor security advisories.
Refer to the official SolarWinds security advisory for detailed information and mitigation steps: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)