CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw
In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit user access rights across an organization’s IT infrastructure. The newly identified vulnerabilities, CVE-2024-28990 and CVE-2024-28991, have the potential to compromise the security of networks utilizing ARM, with impacts ranging from unauthorized access to remote code execution.
CVE-2024-28990 (CVSS 6.3): Hardcoded Credentials Authentication Bypass
The first vulnerability, tracked as CVE-2024-28990, is an authentication bypass caused by hardcoded credentials. Discovered by Piotr Bazydlo (@chudypb) of Trend Micro’s Zero Day Initiative, it could allow attackers to gain unauthorized access to the RabbitMQ management console, a key component of the ARM system.
CVE-2024-28991 (CVSS 9.0): Deserialization of Untrusted Data Remote Code Execution
The second and more critical vulnerability, CVE-2024-28991, also discovered by Piotr Bazydlo, is a deserialization of untrusted data flaw that allows remote code execution. An authenticated attacker could exploit it to execute malicious code on the targeted system, potentially gaining complete control over the ARM application and access to sensitive data.
Impact and Urgency
These vulnerabilities could severely compromise the security of organizations running SolarWinds ARM. The impact could include:
- Unauthorized access to sensitive data
- Execution of malicious code
- Privilege escalation and lateral movement within the network
- Disruption of critical IT operations
Given the severity of these vulnerabilities, SolarWinds strongly urges all users to update their ARM installations to version 2024.3.1 immediately. This release addresses both flaws and mitigates the associated risks.
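The remediation above is a version check across an ARM estate. The following is an added example, not code from SolarWinds or from the advisory, that flags installations whose reported version predates the fixed release named in the article. It assumes ARM version strings follow the "YYYY.N.M" form shown on the page (for example "2024.3.1"); the host names and versions in the sample inventory are constructed, and any version that does not parse is flagged for manual review rather than silently treated as patched.

```python
# Added example (not from the SolarWinds advisory): flag ARM installations
# whose reported version predates the fixed release named in the article.
# Assumption: versions follow the "YYYY.N.M" form seen on the page
# (e.g. "2024.3.1"); anything that does not parse is treated as unknown
# and therefore flagged for review.

FIXED_VERSION = "2024.3.1"  # fixed release named in the advisory text


def parse_version(text):
    """Return a tuple of ints for a 'YYYY.N.M'-style string, or None if unparseable."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version, fixed=FIXED_VERSION):
    """True if `version` sorts before `fixed`. Unknown versions are flagged."""
    v = parse_version(version)
    f = parse_version(fixed)
    if v is None:
        return True  # cannot prove it is patched, so treat as affected
    # pad shorter tuples so "2024.3" compares as 2024.3.0
    n = max(len(v), len(f))
    v = v + (0,) * (n - len(v))
    f = f + (0,) * (n - len(f))
    return v < f


def triage(inventory):
    """inventory: dict host -> version string. Returns hosts needing the update, sorted."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "arm-prod-01": "2024.3.0",
        "arm-prod-02": "2024.3.1",
        "arm-lab-01": "2023.2.5",
        "arm-dr-01": "unknown",
    }
    for host in triage(sample):
        print(f"{host}: {sample[host]} -> update to {FIXED_VERSION}")
```

The comparison is done on integer tuples rather than on the raw strings so that, for example, "2024.10.0" sorts after "2024.3.1"; a plain string comparison would get that wrong.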