CVE-2024-23471

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm	Release Notes
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-17 15:15

Updated : 2024-11-21 08:57

NVD link : CVE-2024-23471

Mitre link : CVE-2024-23471

CVE.ORG link : CVE-2024-23471

JSON object : View

Products Affected

solarwinds

access_rights_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-23471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@solarwinds.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-17T15:15:12.403", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm", "tags": ["Release Notes"], "source": "psirt@solarwinds.com"}, {"url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@solarwinds.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. "}, {"lang": "es", "value": "Se descubri\u00f3 que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2024-11-21T08:57:46.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3AC50B-3261-4394-80A9-15303C2C1D58", "versionEndIncluding": "2023.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@solarwinds.com"}