SolarWinds Access Rights Manager Tool (ARM) is used by organizations to manage and audit user access rights in their IT environments. Recent security research has uncovered multiple vulnerabilities in SolarWinds ARM, including critical ones that pose significant risks to system security.

Description

Security researchers have identified three critical vulnerabilities in SolarWinds ARM: CVE-2023-35182, CVE-2023-35185 [1] [2], and CVE-2023-35187 [1] [2]. These vulnerabilities allow remote attackers to escalate privileges and execute remote code with SYSTEM privileges [5]. Additionally, an unauthenticated user can exploit CVE-2023-35184 to execute remote code. Authenticated users can also misuse the SolarWinds ARM API to gain unauthorized access to sensitive information or carry out malicious actions [5]. Furthermore, these vulnerabilities enable users to escalate their privileges and access local resources [5]. Attackers can exploit directory traversal flaws to execute arbitrary code, potentially compromising the affected system [5]. These vulnerabilities were reported through Trend Micro’s Zero Day Initiative [3] [4].

To address these security issues, SolarWinds has released patch 2023.2.1 for ARM v 2023.1 and earlier versions [4]. This patch mitigates the vulnerabilities and prevents remote code execution in the context of SYSTEM. Organizations using SolarWinds ARM should apply the patch promptly to secure their systems.

Conclusion

The vulnerabilities discovered in SolarWinds ARM pose significant risks to system security. However, with the release of patch 2023.2.1, organizations can effectively mitigate these vulnerabilities and prevent remote code execution. It is essential for organizations to promptly apply the patch to ensure the security of their systems. Moving forward, it is crucial for SolarWinds to prioritize security measures and regularly update their software to prevent future vulnerabilities.

References

[1] https://www.criticalinsight.com/vulnerabilities/cve-2023-35182-35185-35187
[2] https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-35184
[3] https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover
[4] https://cyber.vumetric.com/security-news/2023/10/20/critical-rce-flaws-found-in-solarwinds-access-audit-solution/
[5] https://cybersecuritynews.com/solarwinds-access-rights-manager-flaw/