SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
"SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability," the company said in an advisory. "If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution."
The ZDI, which has assigned the shortcoming a CVSS score of 9.9, said it exists within a class called JsonSerializationBinder and stems from a lack of proper validation of user-supplied data, thus exposing ARM devices to a deserialization vulnerability that could then be abused to execute arbitrary code.
"Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed," the ZDI said.
Also addressed by SolarWinds is a medium-severity flaw in ARM (CVE-2024-28990, CVSS score: 6.3) that exposed a hard-coded credential which, if successfully exploited, could allow unauthorized access to the RabbitMQ management console.
Affected Systems
-
IoC’s
-
Recommended Solution(s)
Both the issues have been patched in ARM version 2024.3.1. Although there is currently no evidence of active exploitation of the vulnerabilities, users are recommended to update to the latest version as soon as possible to safeguard against potential threats.
Mitigations
-
CVE / CWE
CVE-2024-28990
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.
+90 216 504 53 32
Aydınevler Mahallesi,İsmet İnönü Cadddesi,Küçükyalı Ofis Park A Blok,No:20/1 Maltepe İstanbul
+90 312 235 44 51
You can register to our newsletter on the home page to be instantly informed about security vulnerabilities.