More than half a dozen security flaws have been identified in the SolarWinds Access Rights Manager Tool (ARM). Three of them are of critical severity and could open the door for attackers to gain the highest level of privilege on any unpatched system.
Researchers from Trend Micro’s Zero Day Initiative revealed a series of “High” and “Critical”-rated vulnerabilities in ARM. The most severe of these bugs would allow a remote unauthenticated attacker to execute arbitrary code at the system level. They could completely take over an affected system. “While we did not look at exploitability, the potential of these vulnerabilities is about as bad as it gets.”
The vulnerabilities tracked as CVE-2023-35181 and CVE-2023-35183 allow unauthorized users to abuse local resources and incorrect folder permissions to perform local privilege escalation. Each was assigned a “high” severity rating of 7.8.
Other vulnerabilities, tracked as CVE-2023-35180, CVE-2023-35184, and CVE-2023-35186 and all rated 8.8, open the door for users to abuse a SolarWinds service, or its ARM API, in order to perform remote code execution (RCE).
Another trio of RCE vulnerabilities was assigned “critical” 9.8 ratings: CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187.
A lack of proper validation for the methods createGlobalServerChannelInternal, OpenFile, and OpenClientUpdateFile, respectively, could enable attackers to run arbitrary code at the SYSTEM level — the highest possible level of privilege on a Windows machine. These three do not require prior authentication for exploitation.
A new ARM version 2023.2.1, pushed to the public on Wednesday, fixes all eight vulnerabilities. SolarWinds clients are advised to patch immediately.