Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1585HistoryNov 06, 2023 - 12:00 a.m.
SolarWinds Network Configuration Manager ExportConfigs Directory Traversal Remote Code Execution Vulnerability
2023-11-0600:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
23
solarwinds
network configuration manager
directory traversal
remote code execution
vulnerability
authentication
file operations
system
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExportConfigs method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
nvd
nvd
CVE-2023-33226
2023-11-01 16:15:08
CVE-2023-40054
2023-11-09 15:15:07
cve
cve
CVE-2023-33226
2023-11-01 16:15:08
CVE-2023-40054
2023-11-09 15:15:07
prion
prion
Remote code execution
2023-11-01 16:15:00
Remote code execution
2023-11-09 15:15:00
cvelist
cvelist
vulnrichment
vulnrichment
nessus
nessus
SolarWinds Platform < 2023.4 Multiple Vulnerabilities
2024-02-07 00:00:00