CVE-2024-28991 (CVSS 9.0): SolarWinds Access Rights Manager RCE Flaw

Summary: SolarWinds has announced two critical vulnerabilities in their Access Rights Manager (ARM) software, which could lead to unauthorized access and remote code execution. Users are urged to update to the latest version to mitigate these risks.

Threat Actor: Unknown
Victim: SolarWinds ARM users

Key Points:

  • Two vulnerabilities identified: CVE-2024-28990 (authentication bypass) and CVE-2024-28991 (remote code execution).
  • CVE-2024-28990 allows unauthorized access to the RabbitMQ management console.
  • CVE-2024-28991 enables authenticated attackers to execute malicious code remotely.
  • Potential impacts include unauthorized data access, privilege escalation, and disruption of IT operations.
  • SolarWinds recommends immediate update to version 2024.3.1 to address these vulnerabilities.

In a recent security advisory, SolarWinds has disclosed two vulnerabilities affecting their Access Rights Manager (ARM) software. ARM is widely used by IT and security administrators to manage and audit user access rights across an organization’s IT infrastructure. The newly identified vulnerabilities, CVE-2024-28990 and CVE-2024-28991, have the potential to compromise the security of networks utilizing ARM, with impacts ranging from unauthorized access to remote code execution.

CVE-2024-28990 (CVSS 6.3): Hardcoded Credentials Authentication Bypass

The first vulnerability, tracked as CVE-2024-28990, is a hardcoded-credential authentication bypass discovered by Piotr Bazydlo (@chudypb) of Trend Micro’s Zero Day Initiative. Because the credentials are fixed in the product, attackers could potentially gain unauthorized access to the RabbitMQ management console, a key component of the ARM system.

CVE-2024-28991 (CVSS 9.0): Deserialization of Untrusted Data Remote Code Execution

The second and more critical vulnerability, CVE-2024-28991, also discovered by Piotr Bazydlo, is a deserialization-of-untrusted-data flaw that allows remote code execution. An authenticated attacker could exploit it to execute malicious code on the targeted system, potentially leading to complete control over the ARM application and access to sensitive data.
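
The advisory names the bug class but not the mechanism, so the following is an added illustration written for this page, not SolarWinds code and not a description of how ARM serializes data (the page does not say). Python's pickle stands in for any object serializer that resolves and invokes callables named inside the input. The Gadget class, the side_effect function, the message blobs and the EXPECTED_FIELDS schema are all constructed for the demo; the only effect of the "payload" is to append a marker to a list, which lets the code show the difference between the vulnerable pattern (the callable runs), an allow-listing unpickler (deserialization aborts before anything runs) and the preferred fix of exchanging validated plain data instead of objects.

```python
import io
import json
import pickle

# Constructed log of side effects: records whether a callable named inside a
# serialized blob actually ran during deserialization.
EXECUTED = []


def side_effect(marker: str) -> str:
    """Harmless stand-in for the code an attacker would get executed."""
    EXECUTED.append(marker)
    return marker


class Gadget:
    """Constructed object whose pickled form instructs the unpickler to call
    side_effect() with an embedded argument when the blob is loaded."""

    def __reduce__(self):
        return (side_effect, ("untrusted-payload-ran",))


def build_untrusted_blob() -> bytes:
    """Serialized bytes as they might arrive from an untrusted source (constructed)."""
    return pickle.dumps(Gadget())


def deserialize_vulnerable(blob: bytes):
    """Vulnerable pattern: every global the blob names is resolved and invoked."""
    return pickle.loads(blob)


class AllowListUnpickler(pickle.Unpickler):
    """Hardened unpickler: only explicitly listed (module, name) pairs may be
    resolved; any other reference aborts deserialization before it is called."""

    # Illustrative allow-list; a real service lists only the types it needs.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"disallowed global {module}.{name}")


def deserialize_hardened(blob: bytes):
    return AllowListUnpickler(io.BytesIO(blob)).load()


def try_hardened(blob: bytes):
    """Return (accepted, value_or_reason) so callers need not catch exceptions."""
    try:
        return True, deserialize_hardened(blob)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Preferred fix: exchange plain data rather than objects, and validate its shape.
EXPECTED_FIELDS = {"user": str, "roles": list}  # constructed schema for the demo


def parse_access_event(raw: bytes):
    """Return (accepted, value_or_reason) for a JSON message against the schema."""
    try:
        data = json.loads(raw)
    except ValueError as exc:
        return False, f"malformed JSON: {exc}"
    if not isinstance(data, dict) or set(data) != set(EXPECTED_FIELDS):
        return False, "unexpected field set"
    for field, kind in EXPECTED_FIELDS.items():
        if not isinstance(data[field], kind):
            return False, f"field {field} has wrong type"
    return True, data


def demo() -> dict:
    """Run the vulnerable, allow-listed and data-only paths on constructed input."""
    EXECUTED.clear()
    blob = build_untrusted_blob()
    vulnerable_value = deserialize_vulnerable(blob)
    ran_under_vulnerable = list(EXECUTED)
    EXECUTED.clear()
    hardened_ok, _reason = try_hardened(blob)
    ran_under_hardened = list(EXECUTED)
    benign_ok, benign_value = try_hardened(pickle.dumps({"user": "alice", "roles": ["reader"]}))
    json_ok, json_value = parse_access_event(b'{"user": "alice", "roles": ["reader"]}')
    extra_ok, _ = parse_access_event(b'{"user": "alice", "roles": ["reader"], "cmd": "x"}')
    return {
        "vulnerable_value": vulnerable_value,
        "ran_under_vulnerable": ran_under_vulnerable,
        "hardened_accepted": hardened_ok,
        "ran_under_hardened": ran_under_hardened,
        "benign_accepted": benign_ok,
        "benign_value": benign_value,
        "json_accepted": json_ok,
        "json_value": json_value,
        "json_extra_field_accepted": extra_ok,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list lives in find_class because that is the single point where the unpickler turns a name from the input into a live object; rejecting there means the marker is never appended under the hardened path, while an ordinary dict still loads. The JSON path shows why a data-only format is the stronger mitigation: there is no name-to-callable step at all, so the only decisions left are structural (field set and types), and an unexpected field is simply refused.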

Impact and Urgency

These vulnerabilities have the potential to severely compromise the security of organizations using SolarWinds ARM. The impact could include:

  • Unauthorized access to sensitive data
  • Execution of malicious code
  • Privilege escalation and lateral movement within the network
  • Disruption of critical IT operations

Given the severity of these vulnerabilities, SolarWinds strongly urges all users to update their ARM installations to version 2024.3.1 immediately. This update addresses both flaws and mitigates the associated risks.

Source: https://securityonline.info/cve-2024-28991-cvss-9-0-solarwinds-access-rights-manager-rce-flaw