overview
Eight previously unknown vulnerabilities have been found within SolarWinds' Access Rights Manager Tool (ARM). Among these, three have been classified as critical, posing a substantial threat to unpatched systems. The critical vulnerabilities are as follows:
- CVE-2023-35182 (9.8 severity): Remote, unauthenticated attackers can achieve SYSTEM-level code execution by exploiting the deserialization of untrusted data within the 'createGlobalServerChannelInternal' method.
- CVE-2023-35185 (9.8 severity): Remote, unauthenticated attackers can execute arbitrary code at the SYSTEM level due to inadequate validation of user-supplied paths within the 'OpenFile' method.
- CVE-2023-35187 (9.8 severity): Remote, unauthenticated attackers can execute arbitrary code at the SYSTEM level without authentication, thanks to the absence of validation for user-supplied paths in the 'OpenClientUpdateFile' method.
In these cases, insufficient data validation in the 'createGlobalServerChannelInternal,' 'OpenFile,' and 'OpenClientUpdateFile' methods allows attackers to execute code at the highest Windows privilege level (SYSTEM). Also, these three vulnerabilities don't require prior authentication.
A fix for these vulnerabilities has been released in the form of ARM version 2023.2.1. There are other vulnerabilities that also impact ARM but are not as severe as those previously mentioned.
- CVE-2023-35181 and CVE-2023-35183: these vulnerabilities allow unauthorized users to exploit local resources and incorrect folder permissions, resulting in local privilege escalation. Both are rated at 7.8 out of 10 in severity.
- CVE-2023-35180, CVE-2023-35184, and CVE-2023-35186: These vulnerabilities, rated at 8.8 out of 10, allow users to abuse SolarWinds’ services and its ARM API to execute remote code on the system.
Avertium strongly recommends that all users upgrade to ARM version 2023.2.1 as soon as possible. It’s important to be proactive and protect your systems and data.
avertium's recommendationS
- Avertium recommends that all users apply the fixes for each of the mentioned vulnerabilities. You may find patch guidance in the new ARM version 2023.2.1 guide published by SolarWinds.
- SolarWinds’ release notes for all eight vulnerabilities can be found here.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
How Avertium is Protecting Our CUSTOMERS
- Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:
- Risk Assessments
- Pen Testing and Social Engineering
- Infrastructure Architecture and Integration
- Zero Trust Network Architecture
- Vulnerability Management
- Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.
SUPPORTING DOCUMENTATION