SolarWinds ARM Server Vulnerability
SolarWinds Access Rights Manager (ARM) was found to be susceptible to several vulnerabilities, including CVE-2023-35182, a deserialization of untrusted data vulnerability in the 'createGlobalServerChannelInternal' method[1][3]. Unauthenticated users can abuse this vulnerability on SolarWinds ARM Server to execute arbitrary code with SYSTEM privileges[1][2][3][5].
Here are some key details about CVE-2023-35182:
- **Affected Products**: SolarWinds ARM 2023.2.0.73 and prior versions are affected by this vulnerability[1].
- **Severity**: This vulnerability has a CVSS score of 9.8 out of 10, which is considered critical[1][2][3][5].
- **Exploitation**: This vulnerability can be exploited by unauthenticated users on SolarWinds ARM Server, allowing them to execute arbitrary code with SYSTEM privileges[1][2][3][5].
- **Mitigation**: SolarWinds has released a patch to address the vulnerabilities in ARM Server, including CVE-2023-35182. Update the software to the latest version to ensure that the vulnerabilities are fixed[1][2][3][5].
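The affected-version boundary above can be checked across an inventory. The following is an added example, not SolarWinds code or part of the cited advisories; it assumes ARM versions are reported as dotted numeric strings of up to four parts, and the hostnames and inventory rows are constructed. It compares versions numerically, because a plain string comparison misorders builds such as 2023.2.0.9 and 2023.2.0.100 against 2023.2.0.73.

```python
import re

# Highest affected build per the text above: 2023.2.0.73 and prior versions.
LAST_AFFECTED = (2023, 2, 0, 73)

# Assumption: versions are dotted numeric strings with two to four parts.
_VERSION_RE = re.compile(r"^\d+(?:\.\d+){1,3}$")


def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a dotted version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad short versions ("2023.2" -> 2023.2.0.0) so tuples compare part by part.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text):
    """Map a reported ARM version to 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never treat unparseable inventory data as safe
    return "affected" if version <= LAST_AFFECTED else "not-affected"


def triage(inventory):
    """Group hostnames by status; inventory yields (host, version) pairs."""
    result = {"affected": [], "not-affected": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("arm-01", "2023.2.0.73"),   # boundary build, still affected
    ("arm-02", "2023.2.0.9"),    # lower than .73; a string compare says higher
    ("arm-03", "2023.2.0.100"),  # higher than .73; a string compare says lower
    ("arm-04", "2022.4"),        # short version string
    ("arm-05", "n/a"),           # no version reported
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need a manual version check rather than being counted as patched; "not-affected" refers only to the CVE-2023-35182 boundary stated above.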
SolarWinds ARM Server was also found to be susceptible to several other vulnerabilities, including Remote Code Execution Vulnerability, Incorrect Default Permissions Local Privilege Escalation Vulnerability, and Directory Traversal Remote Code Vulnerability using SYSTEM privileges[1][2][3][5]. These vulnerabilities can be abused by unauthenticated and authenticated users on SolarWinds ARM Server, allowing them to abuse local resources, escalate privileges, and execute remote code[1][2][3][5]. Precautions against exploitation include updating the software, implementing access controls, monitoring for suspicious activity, and training employees[1][2][3][5].
What is SolarWinds ARM Server
SolarWinds Access Rights Manager (ARM) is software designed to assist IT and security administrators in quickly and easily provisioning, deprovisioning, managing, and auditing user access rights across IT infrastructure[4][7]. It is built to standardize user credentials with role-specific templates, enabling IT teams to create secure accounts at scale[7]. ARM is designed to deliver customized Active Directory (AD) and Azure AD reports, showing who has access to what, and when they accessed this data[7]. It also streamlines user onboarding and enables rapid response to account termination requests[7].
Here are some key features of SolarWinds ARM Server:
- **User Provisioning and Deprovisioning**: ARM Server provides simplified self-service permission management with role-specific templates to help assure conformity of access privilege delegation, in alignment with security policies[6][4][7].
- **Access Rights Auditing**: ARM Server enables IT and security administrators to audit user access rights across IT infrastructure[4][7].
- **Customized Reports**: ARM Server delivers customized Active Directory (AD) and Azure AD reports, showing who has access to what, and when they accessed this data[7].
- **Automation**: ARM Server streamlines user onboarding and enables rapid response to account termination requests[7].
- **Standardization**: ARM Server is built to standardize user credentials with role-specific templates, enabling IT teams to create secure accounts at scale[7].
Citations:
[1] https://www.solarwinds.com/trust-center/security-advisories/cve-2023-35182
[2] https://socradar.io/solarwinds-releases-crucial-fixes-for-arm-security-vulnerabilities-cve-2023-35182-cve-2023-35185-and-cve-2023-35187/
[3] https://en.cyberhat.online/forum/daily-cve-english/security-vulnerabilities-released-19-october-2023
[4] https://www.solarwinds.com/assets/solarwinds/swdcv2/licensed-products/access-rights-manager/resources/datasheets/arm-datasheet.pdf
[5] https://www.tenable.com/cve/CVE-2023-35182
[6] https://thwack.solarwinds.com/product-forums/access-rights-manager-arm
[7] https://www.solarwinds.com/access-rights-manager