
CVE-2023-35186: ARM 2023.2.1 Release Notes

The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.


Release date: October 18, 2023

Access Rights Manager 2023.2.1 is a service release providing bug and security fixes for release 2023.2. For information about the 2023.2 release, including EOL notices and upgrade information, see Access Rights Manager 2023.2 Release Notes.

Fixes

| Case number | Description |
|---|---|
| 01385586 | A OneDrive scan no longer fails when enabled. |
| 01331492 | AD Logga now initializes properly and no longer generates errors. |
| N/A | An issue flooding AD Logga with random log files is resolved. |
| 01386041 | A user logon password is no longer saved as plain text in memory. |
| N/A | You can now enable or disable SID and GUID in the Rich client. |
| N/A | An HTTP failure error no longer displays when performing a Directories File system permissions analysis. |
| N/A | AD Logga now initiates properly and no longer generates an error. |


CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2023-35180 | SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows authenticated users to abuse the SolarWinds ARM API. | 8.0 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-35181 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation vulnerability. This vulnerability allows users to abuse incorrect folder permissions, resulting in privilege escalation. | 7.8 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-35182 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability can be abused by unauthenticated users on the SolarWinds ARM Server. | 8.8 High | Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative |
| CVE-2023-35183 | SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Privilege Escalation vulnerability. This vulnerability allows authenticated users to abuse local resources to achieve privilege escalation. | 7.8 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-35184 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service, resulting in remote code execution. | 8.8 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-35185 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Execution vulnerability using SYSTEM privileges. | 8.8 High | Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative |
| CVE-2023-35186 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | 8.0 High | Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative |
| CVE-2023-35187 | SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Execution vulnerability using SYSTEM privileges. | 8.8 High | Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative |


Legal notices

© 2023 SolarWinds Worldwide, LLC. All rights reserved.
