Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1586HistoryNov 06, 2023 - 12:00 a.m.
SolarWinds Network Configuration Manager SaveResultsToFile Directory Traversal Remote Code Execution Vulnerability
2023-11-0600:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
9
solarwinds network configuration manager
saveresultstofile
directory traversal
remote code execution
vulnerability
authentication
file operations
system context
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SaveResultsToFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
nvd
nvd
CVE-2023-33227
2023-11-01 16:15:08
CVE-2023-40055
2023-11-09 15:15:08
vulnrichment
vulnrichment
cve
cve
CVE-2023-33227
2023-11-01 16:15:08
CVE-2023-40055
2023-11-09 15:15:08
prion
prion
Remote code execution
2023-11-01 16:15:00
Remote code execution
2023-11-09 15:15:00
cvelist
cvelist
nessus
nessus
SolarWinds Platform < 2023.4 Multiple Vulnerabilities
2024-02-07 00:00:00