SolarWinds Releases Patches for Vulnerabilities - 20240219001¶
Overview¶
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
What is vulnerable?¶
| Product(s) Affected | Summary | Severity | CVSS |
|---|---|---|---|
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23476 | Critical | 9.6 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23479 | Critical | 9.6 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2023-40057 | Critical | 9.0 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23478 | High | 8.0 |
| SolarWinds Access Rights Manager (ARM) 2023.2.2 | CVE-2024-23477 | High | 7.9 |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):