Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM

Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM) that allow attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the product. All three vulnerabilities carry a severity rating of 9.8 and enable attackers to execute arbitrary code. SolarWinds also addressed additional security issues in Access Rights Manager, but none of those were rated critical.

Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. These vulnerabilities allow remote attackers to run code with SYSTEM privileges. SolarWinds ARM is a tool for managing and auditing user access rights in IT environments, offering features such as Microsoft Active Directory integration and role-based access control.

The vulnerabilities were reported by researchers through Trend Micro’s Zero Day Initiative (ZDI), with eight flaws in total, three of which are classified as critical. The vendor has addressed all vulnerabilities with a patch available in version 2023.2.1 of the Access Rights Manager.

Here are the details and identifiers for the three critical remote code execution (RCE) vulnerabilities:

1. CVE-2023-35182 (severity 9.8): Remote unauthenticated attackers can execute arbitrary code in the context of SYSTEM by exploiting the deserialization of untrusted data in the ‘createGlobalServerChannelInternal’ method.

2. CVE-2023-35185 (severity 9.8): Remote unauthenticated attackers can execute arbitrary code in the context of SYSTEM due to a lack of validation of user-supplied paths in the ‘OpenFile’ method.

3. CVE-2023-35187 (severity 9.8): Remote unauthenticated attackers can execute arbitrary code in the context of SYSTEM due to a lack of validation of user-supplied paths in the ‘OpenClientUpdateFile’ method.

Executing code with “SYSTEM” privileges on Windows grants the highest level of access and control over the victim machine, including its files. Attackers who exploit these vulnerabilities could therefore gain full control of the host.

Additionally, SolarWinds addressed other high-severity security issues in the Access Rights Manager. Attackers could exploit these issues to increase permissions or execute arbitrary code on the host, but authentication is required for these attacks.

SolarWinds has published an advisory detailing the vulnerabilities and its own severity ratings, the highest of which is 8.8 (high severity). Notably, the company did not rate any of the security issues as critical.
