SolarWinds Access Rights Manager Flaw Let Attackers Execute Remote Code

IT and security administrators can utilize SolarWinds Access Rights Manager (ARM) to efficiently manage and audit user access rights to data, systems, and files. 

The software provides an easy-to-use interface for provisioning, de-provisioning, and overseeing access, which helps safeguard organizations from potential data loss and breaches.

Access Rights Manager 2023.2 was impacted with multiple flaws that let a remote attacker escalate privileges and execute remote code.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Vulnerabilities Affected 

CVE-2023-35180: Remote Code Execution Vulnerability

A Remote Code Execution Vulnerability had been detected in SolarWinds Access Rights Manager, which authenticated users can exploit to misuse the SolarWinds ARM API.

CVE-2023-35181: Privilege Escalation Vulnerability

There was a Privilege Escalation Vulnerability in the SolarWinds Access Rights Manager. This vulnerability occurred due to incorrect folder permissions, enabling users to exploit and escalate their privileges.

CVE-2023-35182: Remote Code Execution Vulnerability

A vulnerability was found in SolarWinds Access Rights Manager that could allow remote code execution. Attackers not authenticated on the SolarWinds ARM Server can exploit this vulnerability to gain unauthorized access to sensitive information or carry out malicious actions.

CVE-2023-35183: Privilege Escalation Vulnerability

A Privilege Escalation Vulnerability was detected in the SolarWinds Access Rights Manager, which authenticated users could exploit to gain unauthorized privileges and access to local resources. This vulnerability enables users to misuse local resources for privilege escalation.

CVE-2023-35184: Remote Code Execution Vulnerability

The SolarWinds Access Rights Manager was vulnerable to a Remote Code Execution exploit, allowing an attacker to execute code remotely by abusing a SolarWinds service without authentication.

CVE-2023-35185: Remote Code Execution Vulnerability

The SolarWinds Access Rights Manager was found to have a vulnerability that allowed remote attackers to execute arbitrary code by exploiting a directory traversal flaw. This flaw allowed attackers to gain SYSTEM privileges and potentially compromise the affected system.

CVE-2023-35186: Remote Code Execution Vulnerability

The SolarWinds Access Rights Manager had a flaw, allowing someone to control it from afar. This means that someone who was allowed to use SolarWinds could misuse it and make it do things it shouldn’t.

CVE-2023-35187: Remote Code Execution Vulnerability

A Directory Traversal Remote Code Vulnerability could be exploited on SolarWinds Access Rights Manager with the use of SYSTEM privileges.

“SolarWinds has developed a patch for these issues and communicated with customers about the steps needed to apply the fix to harden their environments. We are not aware of any evidence that any of these vulnerabilities have been exploited.” Solarwinds spokesperson said Cyber Security News.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.