SolarWinds has released critical updates to address two security vulnerabilities in its Access Rights Manager (ARM) software, including a severe flaw that could lead to remote code execution (RCE). These vulnerabilities pose significant security risks to organizations using ARM for managing access rights and privileges.
One of the vulnerabilities tracked as CVE-2024-28991, is a critical severity issue with a CVSS score of 9.0. It stems from the deserializing untrusted data, allowing attackers to exploit the vulnerability and potentially execute arbitrary code.
Vulnerability Details
CVE-2024-28991 (Severity: 9.0 Critical) – This critical vulnerability is due to improper validation of user-supplied data in the JsonSerializationBinder class, which makes ARM susceptible to a deserialization attack. If exploited, an authenticated user could bypass existing security mechanisms and trigger remote code execution. This flaw was discovered by Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI), which rated it even more critically at 9.9 on the CVSS scale.
The ZDI further explained that although authentication is required to exploit this flaw, the existing authentication mechanism can be bypassed, increasing the severity of the issue.
CVE-2024-28990 (Severity: 6.3 Medium) – A second flaw was also addressed, involving a hard-coded credential within the ARM software. If exploited, this vulnerability could grant unauthorized access to the RabbitMQ management console, allowing attackers to potentially manage messaging systems in the environment. This issue, although not as critical as CVE-2024-28991, still poses a significant risk and requires prompt patching.
Affected Product
SolarWinds Access Rights Manager (ARM), versions before 2024.3.1.
Solution
Both vulnerabilities have been patched in SolarWinds ARM version 2024.3.1. Although there is currently no evidence of active exploitation, SolarWinds strongly advises all users to update to the latest version as soon as possible. Implementing this patch will help prevent attackers from exploiting these vulnerabilities and executing arbitrary code or gaining unauthorized access to management systems.
Potential Threats
These vulnerabilities could lead to several potential security risks, including but not limited to:
- Execution of arbitrary code on compromised systems
- Unauthorized access to sensitive data and systems
- Full control over messaging and management services
- Disruption of critical business operations
Organizations using SolarWinds ARM must act quickly to apply these patches and secure their systems from any potential exploit.
Conclusion
The critical vulnerability CVE-2024-28991 and medium-severity issue CVE-2024-28990 highlight the importance of keeping systems updated and maintaining robust security measures. While no active exploitation of these vulnerabilities has been reported, the risk remains high, particularly given the potential bypass of authentication mechanisms.
SolarWinds users are urged to apply the security patches in ARM version 2024.3.1 immediately. As cyber threats evolve, staying vigilant and proactive in vulnerability management is vital to maintaining system integrity and security.
SanerNow can help organizations manage and deploy these critical patches efficiently, ensuring timely updates across all systems.
