RCE vulnerabilities fixed in SolarWinds enterprise solutions

SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations.

SolarWinds arm platform vulnerabilities

SolarWinds ARM flaws fixed

SolarWinds, the company whose Orion IT administration platform has been infamously compromised in 2020 to deploy backdoors on select agencies’ and companies’ systems, has patched five vulnerabilities affecting its Access Rights Manager (ARM) solution.

SolarWinds ARM is used by organizations to manage and audit access rights across their IT infrastructure.

All of the fixed vulnerabilities in SolarWinds ARM have been privately reported either by Trend Micro Zero Day Initiative (ZDI) researcher Piotr Bazydło or by anonymous researchers working with that same software vulnerability-hunting program. There is currently no mention of them being exploited by attackers.

CVE-2024-23476, CVE-2024-23479 and CVE-2024-23477 are (critical) directory traversal flaws that could be exploited by unauthenticated attackers to achieve RCE.

CVE-2023-40057 and CVE-2024-23478 are (high-severity) deserialization of untrusted data bugs that can also lead to remote code execution, but require successful authentication before exploitation.

The vulnerabilities affect SolarWinds ARM v2023.2, and have been fixed in v2023.2.3. Admins are advised to upgrade to a fixed version, as no alternative mitigations or workarounds have been shared.

SolarWinds (Orion) Platform flaws fixed

The company has also upgraded its SolarWinds Platform (formerly SolarWinds Orion Platform) to version 2024.1, with new features – among them, new password requirements for local accounts – but also fixes for a slew of bugs and two SQL injection vulnerabilities: CVE-2023-50395 and CVE-2023-35188.

Both have been reported by Piotr Bazydło and may allow remote attackers to execute arbitrary code on affected installations of the SolarWinds Platform (with prior authentication).

Both exists within the AppendCreatePrimary method and are caused by a lack of proper validation of a user-supplied string before using it to construct SQL queries.

Don't miss