Solarwinds ARM Pre Auth RCE Bug CVE-2024-23476 & CVE-2024-23479

Security researchers have uncovered vulnerabilities affecting the popular SolarWinds Access Rights Manager (ARM) software. Of the five disclosed flaws, three carry the potential for unauthenticated remote code execution – meaning attackers could seize control of vulnerable systems without needing any login credentials. SolarWinds urges all ARM users to prioritize patching.

Among the five vulnerabilities, three stand out for their potential to enable remote code execution without authentication. Tracked as CVE-2024-23476, CVE-2024-23477, and CVE-2024-23479, these flaws represent a grave risk to the integrity and security of enterprise systems.

CVE-2024-23476 (CVSS 9.6), CVE-2024-23477 (CVSS 7.9), CVE-2024-23479 (CVSS 9.6): These directory traversal vulnerabilities enable remote code execution on vulnerable ARM servers. Even without valid login details, attackers could exploit these flaws, potentially achieving a full system takeover.

Advertisements

CVE-2023-40057 (CVSS 9.0), CVE-2024-23478 (CVSS 8.0): While requiring authentication, these vulnerabilities still allow remote code execution. An attacker with existing access (however limited) could exploit these flaws to escalate privileges and wreak further havoc.

The ability for attackers to remotely execute code on targeted systems has far-reaching and highly damaging consequences. Threat actors could:

Install malware or ransomware.
Steal sensitive data.
Disrupt critical business operations.
Launch attacks on connected networks.

SolarWinds has confirmed fixes for all five vulnerabilities in ARM version 2023.2.3. Organizations utilizing Access Rights Manager must ensure they have applied these patches as an absolute priority. There is no evidence these vulnerabilities have been exploited in the wild, but swift patching is critical proactive defense. As cyber threats continue to evolve in sophistication and scope, organizations must remain proactive in identifying and addressing vulnerabilities within their IT infrastructure.