SolarWinds ARM product appeared to have three RCE flaws

October 24, 2023

The SolarWinds ARM product has been found to contain three critical remote code execution (RCE) vulnerabilities that could let remote attackers execute code with SYSTEM-level privileges.

Access Rights Manager (ARM) is a utility for managing and monitoring user access rights in IT environments. It offers features such as Microsoft Active Directory integration, role-based access control, and visual feedback.

Cybersecurity researchers reported these vulnerabilities to the vendor on June 22. The report covered eight flaws in the SolarWinds solution, three of which fall into the critical severity category. The vendor has since addressed them and released the fixes in version 2023.2.1 of Access Rights Manager.


The three vulnerabilities in SolarWinds’ ARM product could enable attackers to carry out high-privilege attacks with serious consequences for the affected environment.


The three critical flaws in SolarWinds ARM are tracked as CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187.

The first flaw, CVE-2023-35182 (severity: 9.8), allows remote, unauthenticated attackers to execute arbitrary code in the SYSTEM context because of deserialisation of untrusted data in the ‘createGlobalServerChannelInternal’ method.

The next one is CVE-2023-35185 (severity: 9.8). This flaw also allows remote, unauthenticated attackers to run arbitrary code in the SYSTEM context, in this case because the ‘OpenFile’ method does not validate user-supplied paths.

The third critical flaw is CVE-2023-35187 (severity: 9.8). Here, remote, unauthenticated attackers can execute arbitrary code in the SYSTEM context because of insufficient validation of user-supplied paths in the ‘OpenClientUpdateFile’ method.
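As an added illustration (not the vendor's code, and not the ARM methods named above), the missing-path-validation pattern described for ‘OpenFile’ and ‘OpenClientUpdateFile’ is shown here in Python: an unvalidated join beside a hardened resolver that canonicalises the path and checks it stays inside the intended directory. The directory and file names are constructed for the example.

```python
import os
import tempfile

def unsafe_resolve(base_dir: str, user_path: str) -> str:
    # Vulnerable pattern: the caller's path is joined and used as-is. An
    # absolute user_path makes os.path.join discard base_dir, and '..'
    # segments walk out of it, so anything the service account can reach
    # (SYSTEM, in ARM's case) becomes reachable to the caller.
    return os.path.join(base_dir, user_path)

def safe_resolve(base_dir: str, user_path: str) -> str:
    # Hardened pattern: canonicalise first, then verify containment.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        contained = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows, or mixed abs/relative
        contained = False
    if not contained:
        raise PermissionError(f"path escapes {base!r}: {user_path!r}")
    return candidate

def escapes(base_dir: str, user_path: str) -> bool:
    # True if the unvalidated join lands outside base_dir.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(unsafe_resolve(base_dir, user_path))
    try:
        return os.path.commonpath([base, target]) != base
    except ValueError:
        return True

def accepted(base_dir: str, user_path: str) -> bool:
    try:
        safe_resolve(base_dir, user_path)
        return True
    except PermissionError:
        return False

def demo() -> dict:
    # Constructed cases: a scratch directory stands in for the directory a
    # file-serving method is meant to stay inside. Per case, returns whether
    # the unvalidated join escapes and whether the hardened resolver accepts.
    with tempfile.TemporaryDirectory() as base:
        cases = {
            "relative inside": "client/update.bin",
            "dot-dot, still inside": "client/../update.bin",
            "traversal": "../../etc/passwd",
            "absolute": os.path.join(os.path.abspath(os.sep), "hostile.bin"),
        }
        return {k: (escapes(base, p), accepted(base, p)) for k, p in cases.items()}
```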

Executing code in the “SYSTEM” context on Windows grants the attacker the highest privileges on the compromised machine. The SYSTEM account is an internal account reserved for the operating system and its services, so code running under it gives attackers complete control over all files on the victim’s system.

The other security flaws SolarWinds addressed in Access Rights Manager carry a high severity rating. Attackers could exploit them to escalate privileges or run arbitrary code on the host after authenticating.

It is worth noting that SolarWinds did not classify any of these security issues as critical; the highest rating the company assigned was 8.8 (high severity). Organisations running this product should apply the latest patch to avoid potential exploitation by threat actors.
