Platform: windows
Component: access-rights-manager
Fixed version: 2023.2.3
CVE-2024-23479 describes a Remote Code Execution (RCE) vulnerability discovered in SolarWinds Access Rights Manager (ARM). Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to complete system compromise. This vulnerability impacts versions of ARM up to and including 2023.2.2. A patch is available in version 2023.2.2.
The impact of CVE-2024-23479 is severe due to its unauthenticated nature and the potential for Remote Code Execution. An attacker could leverage this vulnerability to gain initial access to a network, escalate privileges, and move laterally to other systems. The attacker could then steal sensitive data, install malware, or disrupt critical business operations. Given SolarWinds ARM's role in access management, a successful exploit could grant an attacker control over privileged accounts and access to highly sensitive resources. This vulnerability shares similarities with other directory traversal exploits where attackers leverage predictable file paths to bypass security controls.
CVE-2024-23479 was publicly disclosed on February 15, 2024. The vulnerability's ease of exploitation and the critical nature of the affected product suggest a medium probability of exploitation (EPSS score likely medium). No public proof-of-concept (PoC) code has been widely released as of this writing, but the vulnerability's simplicity makes it likely that PoCs will emerge. Monitor CISA advisories and security news sources for updates.
Organizations heavily reliant on SolarWinds Access Rights Manager for access control, particularly those with legacy configurations or deployments that haven't been regularly patched, are at significant risk. Shared hosting environments where multiple tenants share the same ARM instance are also particularly vulnerable, as a compromise of one tenant could potentially impact others.
• windows / supply-chain:
Get-Process -Name "AccessRightsManager" | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -MaxEvents 10 | Where-Object { $_.Message -match 'AccessRightsManager' }
• windows / supply-chain: Check Autoruns for unusual entries related to Access Rights Manager.
• windows / supply-chain: Use Sysinternals Process Monitor to observe file access patterns for Access Rights Manager, looking for attempts to access unexpected directories.
Exploitation status
EPSS: 1.30% (80th percentile)
CVSS vector
The primary mitigation for CVE-2024-23479 is to immediately upgrade SolarWinds Access Rights Manager to version 2023.2.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the ARM server and implementing strict firewall rules to limit inbound connections. Monitor ARM logs for suspicious activity, particularly attempts to access unusual file paths. Implement a Web Application Firewall (WAF) with rules to block directory traversal attempts. After upgrading, confirm the fix by attempting to trigger the vulnerability using a known exploit pattern and verifying that the attempt is blocked.
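Update SolarWinds Access Rights Manager to the latest version provided by the vendor. Refer to the SolarWinds security advisory for specific instructions on updates and fixed versions. If you cannot update immediately, apply the mitigations recommended by SolarWinds.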
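The log monitoring recommended above, sketched as an added example (not code from SolarWinds or from this page): it flags request paths that contain a parent-directory segment after URL decoding, including double-encoded and backslash forms. The log layout, the sample lines, and the function names are constructed assumptions, not the ARM log format.

```powershell
# Added example. Log layout and sample lines are constructed for illustration.

function Get-DecodedPath {
    param([string]$Path, [int]$MaxRounds = 3)
    # Decode repeatedly so double-encoded input (%252e -> %2e -> .) is normalised.
    for ($i = 0; $i -lt $MaxRounds; $i++) {
        $decoded = [System.Uri]::UnescapeDataString($Path)
        if ($decoded -ceq $Path) { break }
        $Path = $decoded
    }
    # Treat backslashes as separators, as Windows file APIs do.
    return $Path.Replace('\', '/')
}

function Test-TraversalPath {
    param([string]$Path)
    # Only a whole '..' segment counts; 'release..notes.txt' is not traversal.
    $segments = (Get-DecodedPath -Path $Path) -split '/'
    return [bool]($segments -contains '..')
}

function Find-TraversalAttempt {
    param([string[]]$Line)
    # Assumed layout: <timestamp> <client> <method> <path> <status>
    $pattern = '^(?<time>\S+) (?<client>\S+) (?<method>\S+) (?<path>\S+) (?<status>\d{3})$'
    foreach ($entry in $Line) {
        if ($entry -match $pattern) {
            $m = $Matches   # copy before calling other functions
            if (Test-TraversalPath -Path $m['path']) {
                [pscustomobject]@{
                    Time   = $m['time']
                    Client = $m['client']
                    Path   = $m['path']
                    Status = [int]$m['status']
                }
            }
        }
    }
}

# Constructed sample input: two traversal attempts, two benign requests.
$sampleLog = @(
    '2024-02-16T10:01:02Z 10.0.0.5 GET /api/reports/summary 200'
    '2024-02-16T10:01:07Z 203.0.113.9 GET /files/..%2f..%2fdata/x.txt 404'
    '2024-02-16T10:01:09Z 203.0.113.9 POST /upload/%252e%252e%255cconfig 403'
    '2024-02-16T10:02:11Z 10.0.0.7 GET /docs/release..notes.txt 200'
)

Find-TraversalAttempt -Line $sampleLog | Format-Table -AutoSize
```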
CVE-2024-23479 is a critical Remote Code Execution vulnerability in SolarWinds Access Rights Manager allowing unauthenticated attackers to execute code. It affects versions up to 2023.2.2 and requires immediate attention.
You are affected if you are running SolarWinds Access Rights Manager versions 2023.2.2 or earlier. Check your version and upgrade immediately.
Upgrade to SolarWinds Access Rights Manager version 2023.2.2 or later. If immediate upgrade isn't possible, implement temporary workarounds like restricting network access and WAF rules.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high likelihood of exploitation. Monitor security advisories and implement mitigations proactively.
Refer to the official SolarWinds security advisory for detailed information and instructions: [https://www.solarwinds.com/securityadvisories/swa-20240215-01](https://www.solarwinds.com/securityadvisories/swa-20240215-01)