Pierluigi Paganini
September 16, 2024
SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM)
The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions.
“SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability.” reads the advisory. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.”
The vulnerability was discovered by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative.
“This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.” reads the report published by Trend Micro Zero Day Initiative. “The specific flaw exists within the JsonSerializationBinder class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.”
Although authentication is needed to exploit the vulnerability, threat actors can bypass the authentication mechanism.
The company also addressed a hardcoded credential vulnerability, tracked as CVE-2024-28990, in ARM.
An attacker can exploit the vulnerability to bypass authentication and access the RabbitMQ management console. Piotr Bazydlo also reported this vulnerability.
SolarWinds addressed the issues with the release of Access Rights Manager (ARM) 2024.3.1.
The company is not aware of attacks in the wild exploiting these vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ARM)
