Warning: Multiple critical vulnerabilities affect the SolarWinds Access Rights Manager tool. Patch immediately!
CVE-2023-35180: CVSS 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35181: CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35182: CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35183: CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35184: CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35185: CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35186: CVSS 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-35187: CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
Trend Micro's Zero Day Initiative has discovered several high and critical severity vulnerabilities in the SolarWinds Access Rights Manager (ARM) tool. Successful exploitation allows a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
Description
CVE-2023-35181 and CVE-2023-35183 allow an unauthorised attacker to exploit local resources and incorrect folder permissions to escalate local privileges.
CVE-2023-35180, CVE-2023-35184, and CVE-2023-35186 allow an attacker to exploit the SolarWinds service and/or its ARM API to gain remote code execution (RCE).
CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187 allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges. The problem stems from improper validation of the createGlobalServerChannelInternal, OpenFile, and OpenClientUpdateFile methods.
Recommended actions
References