SolarWinds Platform Improper Comparison RCE via Web Console (NETWORK SERVICE)
CVE-2023-23840 Published on September 13, 2023
SolarWinds Platform Exposed Dangerous Method Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Vulnerability Analysis
Weakness Type
Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Products Associated with CVE-2023-23840
stack.watch emails you whenever new vulnerabilities are published in SolarWinds Orion Platform or Solarwinds Platform. Just hit a watch button to start following.
Affected Versions
SolarWinds Platform:- Before 2023.3.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.