CVE-2024-23475

CVE-2024-23475 is a critical vulnerability in SolarWinds Access Rights Manager (ARM) that allows an unauthenticated attacker to delete arbitrary files and disclose sensitive information through a directory traversal and information disclosure flaw.


Description Preview

SolarWinds Access Rights Manager (ARM) was found to contain a directory traversal and information disclosure vulnerability, tracked as CVE-2024-23475. An attacker with no authentication can manipulate file paths supplied to the application so that they resolve outside the intended directory, allowing access to unauthorized directories, retrieval of sensitive information and, per the advisory summary, deletion of arbitrary files. The impact is rated high for confidentiality, integrity, and availability, so the issue should be addressed promptly.

Overview

CVE-2024-23475 allows an unauthenticated attacker to exploit a directory traversal and information disclosure flaw in SolarWinds Access Rights Manager, leading to arbitrary file deletion and unauthorized access to sensitive data. The vulnerability carries a CVSS v3.1 base score of 9.6 (Critical), with high impact on confidentiality, integrity, and availability.
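The advisory does not disclose the affected ARM endpoint, so the following is an added illustration of the weakness class it references (CWE-22), not code from SolarWinds ARM or from the ZDI report. It places the classic vulnerable pattern (attacker-controlled input joined onto a base directory and then handed to a file API such as open() or os.remove()) next to a hardened resolver that canonicalises the path and rejects anything that lands outside the base. BASE_DIR, the handler names and all sample inputs are constructed for the demo; a POSIX host is assumed.

```python
"""
Added example (not SolarWinds code): CWE-22 path traversal shown as a
vulnerable path resolver beside a hardened one. BASE_DIR and the inputs in
SAMPLE_INPUTS are constructed for the demo; a POSIX host is assumed.
"""
import os
import urllib.parse

# Constructed: stands in for the directory a file-serving/deleting handler is meant to confine itself to.
BASE_DIR = "/srv/app/exports"


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: user input joined onto the base with no confinement check.
    Two failure modes are visible in compare() below:
      * '..' segments walk out of base_dir after normalisation;
      * an absolute user_path makes os.path.join discard base_dir entirely.
    Whatever this returns would then be passed to open()/os.remove()."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Hardened version: canonicalise both sides, then require the candidate to sit
    inside base_dir and raise on anything else. Checking the *resolved* path
    (instead of blacklisting '..') is what makes encoded or mixed-separator
    variants fail as well."""
    decoded = urllib.parse.unquote(user_path)  # check what the filesystem layer will actually see
    if "\0" in decoded:                        # NUL can truncate paths in lower-level APIs
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")       # Windows-hosted services treat '\' as a separator
    relative = decoded.lstrip("/")             # never let an absolute input replace the base
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    # commonpath compares path components, so '/srv/app/exports2' is NOT inside '/srv/app/exports'.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base_dir}: {user_path!r}")
    return candidate


# Constructed attacker inputs alongside two benign requests.
SAMPLE_INPUTS = [
    "report.csv",                          # benign
    "reports/../report.csv",               # benign: '..' that stays inside the base
    "../../../etc/passwd",                 # classic traversal
    "/etc/shadow",                         # absolute path: os.path.join drops the base
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",     # percent-encoded dots
    "..\\..\\..\\Windows\\win.ini",        # backslash separators (Windows-hosted service)
]


def compare(base_dir: str = BASE_DIR) -> dict:
    """Return {input: (vulnerable_result, hardened_result_or_'REJECTED')} for SAMPLE_INPUTS."""
    results = {}
    for p in SAMPLE_INPUTS:
        try:
            hardened = safe_resolve(base_dir, p)
        except ValueError:
            hardened = "REJECTED"
        results[p] = (vulnerable_resolve(base_dir, p), hardened)
    return results


if __name__ == "__main__":
    for p, (vuln, hardened) in compare().items():
        print(f"{p!r:38} vulnerable -> {vuln:44} hardened -> {hardened}")
```

Note that the hardened resolver treats an absolute input as relative to the base rather than rejecting it outright; either choice is defensible, but silently letting os.path.join replace the base, as the vulnerable version does, is not. The backslash case is harmless on a POSIX host and only becomes traversal on Windows, which is why the check normalises separators before resolving.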

Remediation

SolarWinds advises all customers to upgrade Access Rights Manager to version 2024.3 (or a later release), which contains the fix for CVE-2024-23475. Because the flaw is reachable without authentication, the upgrade should be applied promptly; until it is, limit network exposure of the ARM host to trusted systems.

References

  1. CVE-2024-23475 vulnerability details
  2. SolarWinds Access Rights Manager 2024.3 Release Notes
  3. Credit: Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
  4. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Industry Exposure (most to least affected)

This section ranks industries by how often this CVE has been observed in customer reports, from most to least affected. Organizations can use it to compare their exposure with that of their peers and to prioritize patching and remediation resources where the vulnerability is most prevalent.

  1. Manufacturing
  2. Public Administration
  3. Management of Companies & Enterprises
  4. Accommodation & Food Services
  5. Administrative, Support, Waste Management & Remediation Services
  6. Agriculture, Forestry, Fishing & Hunting
  7. Arts, Entertainment & Recreation
  8. Construction
  9. Educational Services
  10. Finance and Insurance
  11. Health Care & Social Assistance
  12. Information
  13. Mining
  14. Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
