CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw

In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit user access rights across an organization’s IT infrastructure. The newly identified vulnerabilities, CVE-2024-28990 and CVE-2024-28991, have the potential to compromise the security of networks utilizing ARM, with impacts ranging from unauthorized access to remote code execution.

CVE-2024-28990 (CVSS 6.3): Hardcoded Credentials Authentication Bypass

The first vulnerability, tracked as CVE-2024-28990, is a hardcoded credential authentication bypass flaw. Discovered by Piotr Bazydlo (@chudypb) of Trend Micro’s Zero Day Initiative, this means that attackers could potentially gain unauthorized access to the RabbitMQ management console, a key component of the ARM system.

CVE-2024-28991 (CVSS 9.0): Deserialization of Untrusted Data Remote Code Execution

The second and even more critical vulnerability, identified as CVE-2024-28991, also discovered by Piotr Bazydlo, allows for remote code execution. An authenticated attacker could exploit this flaw to execute malicious code on the targeted system, potentially leading to complete control over the ARM application and access to sensitive data.

Impact and Urgency

These vulnerabilities have the potential to severely compromise the security of organizations using SolarWinds ARM. The impact could include:

• Unauthorized access to sensitive data
• Execution of malicious code
• Privilege escalation and lateral movement within the network
• Disruption of critical IT operations

Given the severity of these vulnerabilities, SolarWinds strongly urges all users to update their ARM installations to version 2024.3.1 immediately. This update addresses both flaws and mitigates the associated risks.

Related Posts:

• SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager
• CVE-2024-28986 (CVSS 9.8): SolarWinds Web Help Desk Users Must Patch Now!
• SolarWinds Web Help Desk Hit by Critical Vulnerability (CVE-2024-28987)
• CISA Warns of Active Exploitation in SolarWinds Web Help Desk Vulnerability
• CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw
• ARM Mali GPU Zero-Day Security Vulnerability
• Researcher details 5 zero-day flaws in Qualcomm chipsets & ARM Mali GPU