Warning - Multiple vulnerabilities in SolarWinds Platform and SolarWinds NCM

Reference: Advisory #2023-135
Version: 1.0
Affected software:
  • SolarWinds Platform 2023.3.1 and previous versions
  • Network Configuration Manager 2023.3.1 and previous versions
Type: Remote Code Execution (RCE), Information disclosure
CVE/CVSS:
  • CVE-2023-33226
  • CVE-2023-33227
  • CVE-2023-33228
  • CVE-2023-40061
  • CVE-2023-40062

Sources

Official manufacturer - https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33226

Official manufacturer - https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33227

Official manufacturer - https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33228

Official manufacturer - https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40061

Official manufacturer - https://www.solarwinds.com/trust-center/security-advisories/cve-2023-40062

NVD - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33226

NVD - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33227

NVD - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33228

NVD - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40061

NVD - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40062

Risks

This security advisory concerns three remote code execution (RCE) vulnerabilities affecting both SolarWinds Platform and SolarWinds NCM.

These vulnerabilities could allow a local attacker to execute arbitrary code with SYSTEM privileges, possibly leading to a compromise of system/data integrity, confidentiality, and/or availability. In addition, Network Configuration Manager was also susceptible to a sensitive information disclosure vulnerability.

The last vulnerability is an insecure job execution mechanism vulnerability affecting SolarWinds Platform, with a high impact on confidentiality.

All vulnerabilities have been reported by security researchers. At the time of publication the vendor was not aware of any exploitation in the wild.

Description

The SolarWinds Orion Platform is an infrastructure monitoring and management platform. SolarWinds Network Configuration Manager (NCM) is a network configuration and change management platform.

Network Configuration Manager 2023.3.1 and previous versions are susceptible to two directory traversal remote code execution vulnerabilities (CVE-2023-33226 and CVE-2023-33227) and a sensitive information disclosure vulnerability (CVE-2023-33228).

Exploitation of the directory traversal vulnerabilities could allow a local authenticated attacker to perform actions with SYSTEM privileges.

Both CVE-2023-33226 and CVE-2023-33227 received a CVSS score of 8.0. CVE-2023-33228 received a CVSS score of 4.5. A local attacker with high privilege access exploiting CVE-2023-33228 would likely gain access to credentials and/or configuration files for the managed equipment.

SolarWinds Orion Platform 2023.3.1 and prior are susceptible to an insecure job execution mechanism vulnerability (CVE-2023-40061) and an incomplete list of disallowed inputs remote code execution vulnerability (CVE-2023-40062).

CVE-2023-40061 received a CVSS score of 7.1. Although the security bulletin does not specify the exact impact of this vulnerability, CVSS scoring indicates a high impact on confidentiality by a local attacker with high privileges.

CVE-2023-40062 received a CVSS score of 8.0. If exploited, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

All five vulnerabilities have been reported by security researchers. At the time of publication the vendor was not aware of any exploitation in the wild.

Recommended actions

The Centre for Cybersecurity Belgium strongly recommends that administrators of affected systems take the following actions:

Reduce your attack surface

Implement access and authorization management policies that restrict access to your network management platforms to authorized persons only, connecting from authorized networks only.

Given their functionality, these platforms are likely to have access to a significant part of your infrastructure. Please ensure proper network segmentation is in place and periodically review firewall rules so that network access from these management platforms to your infrastructure is kept to a minimum.

Monitor/Detect

Please ensure proper monitoring is in place to detect anomalies in your network such as unexpected port scans or unexpected access to managed equipment originating from your management networks.
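One way to implement the check described above, as an added example that is not part of the original advisory: it scans flow records for management-network sources that reach a device or port outside an allowlist, or that touch many ports on one host within a short window. The subnet, allowlist, thresholds and flow lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Every value below is constructed for illustration (assumptions, not from the advisory).
MGMT_NET = ip_network("10.10.0.0/24")          # subnet hosting the management platform
EXPECTED = {("10.20.0.5", 161), ("10.20.0.5", 22), ("10.20.0.6", 161)}  # polled devices
SCAN_PORTS = 5                                 # distinct ports on one host = scan
WINDOW = timedelta(seconds=60)                 # ...when seen within this window

# Constructed flow log: "timestamp source destination destination-port"
FLOWS = """\
2023-11-06T09:00:01 10.10.0.10 10.20.0.5 161
2023-11-06T09:00:02 10.10.0.10 10.20.0.6 161
2023-11-06T09:00:03 192.168.1.5 10.20.0.5 443
2023-11-06T09:00:05 10.10.0.10 10.20.0.9 3389
2023-11-06T09:02:00 10.10.0.10 10.20.0.7 21
2023-11-06T09:02:01 10.10.0.10 10.20.0.7 22
2023-11-06T09:02:02 10.10.0.10 10.20.0.7 23
2023-11-06T09:02:03 10.10.0.10 10.20.0.7 80
2023-11-06T09:02:04 10.10.0.10 10.20.0.7 443
"""

def analyse(flow_text):
    """Return (unexpected_accesses, scans) for flows leaving the management network."""
    unexpected, scans = [], set()
    recent = defaultdict(list)                 # (src, dst) -> [(time, port), ...]
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if ip_address(src) not in MGMT_NET:
            continue                           # only management-originated traffic
        when, port = datetime.fromisoformat(ts), int(port)
        if (dst, port) not in EXPECTED:
            unexpected.append((src, dst, port))
        hits = recent[(src, dst)]
        hits.append((when, port))
        # Keep a sliding window so slow, routine polling never accumulates.
        hits[:] = [(t, p) for t, p in hits if when - t <= WINDOW]
        if len({p for _, p in hits}) >= SCAN_PORTS:
            scans.add((src, dst))
    return unexpected, sorted(scans)

if __name__ == "__main__":
    unexpected, scans = analyse(FLOWS)
    print("unexpected access:", unexpected)
    print("possible port scans:", scans)
```
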

Patch

These vulnerabilities are fixed in:

  • SolarWinds Platform 2023.4
  • SolarWinds Network Configuration Manager 2023.4

Patch after thorough testing and keep an eye out for future security bulletins.

References

Vendor security advisories - https://www.solarwinds.com/trust-center/security-advisories