Lucene search

SolarWindsVULNRICHMENT:CVE-2023-40057

HistoryFeb 15, 2024 - 8:36 p.m.

CVE-2023-40057 SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution

2024-02-1520:36:12

CWE-502

SolarWinds

github.com

solarwinds

access rights manager

deserialization

untrusted data

remote code execution

vulnerability

authenticated user

remote code execution vulnerability

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "access_rights_manager",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2023.2.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-40057