SolarWinds Patches Eight Critical Vulnerabilities in Access Rights Manager Software

July 18, 2024

SolarWinds has patched eight critical vulnerabilities in its Access Rights Manager (ARM) software. Six of them, CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470, are remote code execution (RCE) flaws. ARM is widely deployed in enterprise environments, where administrators use it to manage and audit user access rights across the organization's IT infrastructure, which makes an ARM server a high-value target. All six RCE flaws carry a severity score of 9.6/10 and could let unprivileged attackers execute code or commands on unpatched systems, with or without SYSTEM privileges depending on the flaw exploited.

In addition, SolarWinds patched two critical directory traversal flaws, CVE-2024-23475 and CVE-2024-23472, which could allow unauthenticated users to delete arbitrary files and read sensitive information by reaching files or folders outside the restricted directories. The company also addressed a high-severity authentication bypass vulnerability, CVE-2024-23465, which could allow unauthenticated attackers to gain domain admin access within the Active Directory environment.

The flaws were reported through Trend Micro's Zero Day Initiative and are fixed in Access Rights Manager 2024.3, released on Wednesday with bug and security fixes. SolarWinds has not said whether proof-of-concept exploits for these flaws exist or whether any of them have been exploited in attacks.
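Since the only published remediation is the 2024.3 release, the practical first step is to find every ARM install that is still older than that. The following PowerShell inventory check is an added example, not part of the advisory or SolarWinds' own tooling. It assumes ARM registers in the standard Windows Uninstall registry keys with a DisplayName containing "Access Rights Manager" and a DisplayVersion that parses as a .NET version (for example "2024.2.1"); both assumptions should be confirmed against a real install before the script is trusted across a fleet.

```powershell
# Added example: flag SolarWinds ARM installs older than the fixed 2024.3 release.
# Assumptions (not from the advisory): ARM appears in the Windows Uninstall keys
# with a DisplayName matching '*Access Rights Manager*' and a parseable
# DisplayVersion. Verify both on a known install before relying on the result.

$fixedVersion = [version]'2024.3'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$arm = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Access Rights Manager*' }

if (-not $arm) {
    Write-Output "No Access Rights Manager install found on $env:COMPUTERNAME"
    return
}

foreach ($entry in $arm) {
    $installed = $null
    # TryParse avoids a terminating error on a vendor version string that is not
    # in dotted-numeric form; such entries are reported for manual review.
    if (-not [version]::TryParse($entry.DisplayVersion, [ref]$installed)) {
        Write-Warning "$($entry.DisplayName): cannot parse version '$($entry.DisplayVersion)'; check manually"
        continue
    }
    if ($installed -lt $fixedVersion) {
        Write-Warning "$($entry.DisplayName) $installed on $env:COMPUTERNAME is below 2024.3; update required"
    } else {
        Write-Output "$($entry.DisplayName) $installed on $env:COMPUTERNAME is at or above 2024.3"
    }
}
```

Run it under an account that can read HKLM on each ARM server, or wrap it in Invoke-Command to sweep a list of hosts. Because the comparison is done with [version] rather than string matching, "2024.2.1" correctly sorts below "2024.3" even though it is the longer string.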

It's worth noting that SolarWinds previously patched five other RCE vulnerabilities in the ARM solution in February, three of which were rated critical due to their potential for unauthenticated exploitation.

The company was the victim of a significant breach four years ago, when its internal systems were compromised by the Russian APT29 hacking group. The threat actors injected malicious code into Orion IT administration platform builds downloaded by customers between March 2020 and June 2020. Although the trojanized builds reached a large customer base, the group followed up with further intrusion on only a small subset of those customers.

Following the disclosure of the supply-chain attack, numerous U.S. government agencies confirmed their networks were compromised in the campaign, including the Departments of State, Homeland Security, Treasury, and Energy, as well as the National Telecommunications and Information Administration (NTIA), the National Institutes of Health, and the National Nuclear Security Administration. In April 2021, the U.S. government formally accused the Russian Foreign Intelligence Service (SVR) of orchestrating the 2020 SolarWinds attack, and the U.S. Securities and Exchange Commission (SEC) charged SolarWinds in October 2023 for failing to notify investors of cybersecurity defense issues prior to the hack.
