Platform: windows
Component: access-rights-manager
Fixed version: 2023.2.5
CVE-2024-23471 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager. Successful exploitation allows an authenticated user to abuse a SolarWinds service, leading to arbitrary code execution on the affected system. This vulnerability impacts versions of Access Rights Manager prior to 2023.2.4. A patch is available in version 2024-3.
The impact of CVE-2024-23471 is severe due to the RCE nature of the vulnerability. An attacker who can authenticate to the Access Rights Manager system can leverage this flaw to execute arbitrary code with the privileges of the affected service account. This could lead to complete system compromise, data exfiltration, and lateral movement within the network. The ability to execute code remotely bypasses typical security controls and significantly expands the attack surface. Similar RCE vulnerabilities in privileged access management tools have historically resulted in widespread data breaches and significant operational disruption.
CVE-2024-23471 was publicly disclosed on July 17, 2024. The vulnerability's criticality (CVSS 9.6) indicates a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of exploitation (requiring only authentication) suggests that it is likely to become a target for attackers. It is not currently listed on CISA KEV, but given its severity and potential impact, it may be added in the future.
Organizations heavily reliant on SolarWinds Access Rights Manager for privileged access management are at significant risk. Specifically, deployments with older versions (≤2023.2.4) and those with weak authentication policies are particularly vulnerable. Shared hosting environments where multiple tenants share the same Access Rights Manager instance also face increased risk due to the potential for cross-tenant exploitation.
• windows / supply-chain:
Get-Process -Name AccessRightsManager | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1001; ProviderName='SolarWinds Access Rights Manager'} -MaxEvents 10
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*AccessRightsManager*'} | Format-List TaskName, State
• linux / server: (While Access Rights Manager is primarily Windows, monitor for related network traffic)
journalctl -u solarwinds-access-rights-manager -n 20
Exploitation status
EPSS: 1.59% (82nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-23471 is to upgrade SolarWinds Access Rights Manager to version 2024-3 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing stricter authentication controls and limiting access to the Access Rights Manager service. Review and restrict user permissions to the minimum necessary for their roles. Monitor Access Rights Manager logs for suspicious activity, particularly authentication failures and unusual service behavior. While a WAF cannot directly prevent this RCE, it can help detect and block malicious payloads attempting to exploit the vulnerability. No specific Sigma or YARA rules are currently available, but monitoring for unusual process execution related to the Access Rights Manager service is recommended.
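Update SolarWinds Access Rights Manager to version 2024-3 or later. This update fixes the remote code execution vulnerability. See the release notes for detailed instructions on how to update.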
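One way to implement the process-execution monitoring recommended above, as an added example that is not from SolarWinds or the original page: it filters process-creation records (for instance Sysmon Event ID 1 or Security 4688 data exported to objects) for shell and script-interpreter children of the service. The image name AccessRightsManager*.exe, the watched-child list, the record field names and the sample records are assumptions.

```powershell
# Added example (not SolarWinds code): flag shell / script-interpreter processes
# spawned by the Access Rights Manager service in process-creation records.
# Assumption: the service image is named AccessRightsManager*.exe, as in the
# Get-Process check on this page; adjust -ParentPattern for your installation.
function Find-ArmSuspiciousChild {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [string]   $ParentPattern   = '*\AccessRightsManager*.exe',
        [string[]] $WatchedChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe',
                                        'wscript.exe', 'cscript.exe', 'mshta.exe',
                                        'rundll32.exe', 'regsvr32.exe')
    )
    foreach ($e in $Events) {
        # Only children of the ARM service are of interest.
        if ($e.ParentImage -notlike $ParentPattern) { continue }
        # Leaf name of the child image (regex split on backslash).
        $child = ($e.Image -split '\\')[-1]
        if ($WatchedChildren -contains $child) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Parent      = $e.ParentImage
                Child       = $e.Image
                CommandLine = $e.CommandLine
            }
        }
    }
}

# Constructed sample records; ARM-INSTALL-DIR is a placeholder, not a real path.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-07-18T09:14:02'
        ParentImage = 'C:\ARM-INSTALL-DIR\AccessRightsManager.exe'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'cmd.exe /c constructed-example' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-07-18T09:15:40'
        ParentImage = 'C:\ARM-INSTALL-DIR\AccessRightsManager.exe'
        Image       = 'C:\ARM-INSTALL-DIR\ConstructedHelper.exe'
        CommandLine = 'ConstructedHelper.exe --sync' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-07-18T09:16:11'
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe' }
)

# Only the first record is reported: ARM parent with a watched child.
Find-ArmSuspiciousChild -Events $sample | Format-List
```

Tune the watched-child list against a baseline of what the service legitimately launches in your environment before alerting on it.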
CVE-2024-23471 is a critical RCE vulnerability in SolarWinds Access Rights Manager versions prior to 2023.2.4, allowing authenticated users to execute code remotely.
You are affected if you are running SolarWinds Access Rights Manager version 2023.2.4 or earlier. Check your version and upgrade immediately.
Upgrade to SolarWinds Access Rights Manager version 2024-3 or later to remediate the vulnerability. Implement stricter authentication controls as an interim measure.
While no public exploits are currently available, the vulnerability's criticality and ease of exploitation suggest it is likely to become a target for attackers.
Refer to the official SolarWinds security advisory on their website for detailed information and remediation steps: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)