CVE-2024-23476 & 23479: Pre-Authentication RCE Flaws Found in SolarWinds ARM


Security researchers have uncovered a dangerous cluster of vulnerabilities affecting the popular SolarWinds Access Rights Manager (ARM) software. Of the five disclosed flaws, three carry the potential for unauthenticated remote code execution – meaning attackers could seize control of vulnerable systems without needing any login credentials. SolarWinds urges all ARM users to prioritize patching.

Unveiled by both anonymous researchers and Piotr Bazydlo, also known as @chudypb, these vulnerabilities pose a significant threat to SolarWinds’ ARM. Among the five vulnerabilities, three stand out for their potential to enable remote code execution without authentication. Tracked as CVE-2024-23476, CVE-2024-23477, and CVE-2024-23479, these flaws represent a grave risk to the integrity and security of enterprise systems.

  • CVE-2024-23476 (CVSS 9.6), CVE-2024-23477 (CVSS 7.9), CVE-2024-23479 (CVSS 9.6): These directory traversal vulnerabilities enable remote code execution on vulnerable ARM servers. Even without valid login details, attackers could exploit these flaws, potentially achieving a full system takeover.

  • CVE-2023-40057 (CVSS 9.0), CVE-2024-23478 (CVSS 8.0): While requiring authentication, these vulnerabilities still allow remote code execution. An attacker with existing access (however limited) could exploit these flaws to escalate privileges and wreak further havoc.

“SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution,” reads the release notes.

The ability for attackers to remotely execute code on targeted systems has far-reaching and highly damaging consequences. Threat actors could:

  • Install malware or ransomware
  • Steal sensitive data
  • Disrupt critical business operations
  • Launch attacks on connected networks

SolarWinds has confirmed fixes for all five vulnerabilities in ARM version 2023.2.3. Organizations using Access Rights Manager must ensure they have applied these patches as an absolute priority. There is no evidence these vulnerabilities have been exploited in the wild, but swift patching is a critical proactive defense. As cyber threats continue to evolve in sophistication and scope, organizations must remain proactive in identifying and addressing vulnerabilities within their IT infrastructure.