SolarWinds ARM RCE: Unauth SYSTEM Privilege Escalation
CVE-2024-23469 Published on July 17, 2024
SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges.
Vulnerability Analysis
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2024-23469
Affected Versions
SolarWinds Access Rights Manager:
- Previous versions, <= 2023.2.4, are affected.
- Versions before and including 2023.2.4 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.