Researchers have discovered three critical vulnerabilities in SolarWinds Access Rights Manager (ARM) that allow remote attackers to execute code with SYSTEM privileges.
SolarWinds ARM is a tool used for managing and auditing user access rights in IT environments. It provides features such as Microsoft Active Directory integration, role-based access control, and visual feedback.
On June 22, security researchers reported eight vulnerabilities in the SolarWinds solution, with three of them classified as critical. The vendor has released a patch in version 2023.2.1 of Access Rights Manager to address all vulnerabilities.
Here are the descriptions and identifiers for the three critical vulnerabilities:
- CVE-2023-35182 (9.8 severity): Remote unauthenticated attackers can execute arbitrary code in the context of the SYSTEM due to the deserialization of untrusted data in the ‘createGlobalServerChannelInternal’ method
- CVE-2023-35185 (9.8 severity): Remote unauthenticated attackers can execute arbitrary code in the context of the SYSTEM due to a lack of validation of user-supplied paths in the ‘OpenFile’ method
- CVE-2023-35187 (9.8 severity): Remote unauthenticated attackers can execute arbitrary code in the context of the SYSTEM without authentication due to a lack of validation of user-supplied paths in the ‘OpenClientUpdateFile’ method
Executing code in the context of “SYSTEM” on Windows computers grants the highest privileges, giving attackers full control over victim machine files.
SolarWinds has also addressed other security issues in Access Rights Manager, classified as high-severity, which attackers could exploit to increase permissions or execute arbitrary code after authentication.
The company has published an advisory detailing the vulnerabilities and their severity ratings, with the highest rating being 8.8 for high-severity issues.
