SolarWinds has released a patch for 10 vulnerabilities in its Access Rights Manager (ARM), a tool used by organizations to manage and audit access rights across IT infrastructure.
Six of the flaws are considered critical Remote Code Execution (RCE) vulnerabilities that could allow threat actors to execute code and commands on unpatched instances, even those with system-level privileges.
SolarWinds also addressed three critical directory traversal vulnerabilities that could allow unauthenticated threat actors to access and manipulate sensitive files, as well as a high-severity authentication bypass vulnerability that could allow threat actors to obtain administrator-level access within Active Directory.
All the vulnerabilities were patched in Access Rights Manager version 2024.3 released on Wednesday, July 17. So far, SolarWinds hasn’t indicated whether the vulnerabilities have been exploited in the wild or if proof-of-concept (POC) exploits exist.
Source: Bleeping Computer
Analysis
Field Effect has not yet found any evidence that the vulnerabilities mentioned above are actively being exploited, nor publicly available PoC exploit code.
Similar vulnerabilities in ARM, discovered in February 2024, have also not been knowingly exploited. However, threat actors have recently exploited vulnerabilities in other SolarWinds solutions.
For example, in June 2024, a high-severity directory traversal vulnerability in SolarWinds’ Serv-U was quickly exploited after an overly eager cybersecurity company released PoC code before admins had the chance to patch their systems.
You may also recall that SolarWinds was the victim of a widely reported breach in 2020, when hackers working for Russia’s Foreign Intelligence Service (SVR) infiltrated SolarWinds' internal systems and injected malicious code into SolarWinds Orion builds. The trojanized builds, which customers downloaded between March 2020 and June 2020, enabled the deployment of the Sunburst backdoor on thousands of systems. This supply chain attack ended up impacting 96% of Fortune 500 companies, as well as many U.S. government departments.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in software like SolarWinds. Field Effect MDR users are automatically notified if vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends users of affected SolarWinds ARM versions update to the latest version as soon as possible, in accordance with the advisory.
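The check an administrator would run before acting on this advice is simply "which of my ARM installs are older than 2024.3?". The script below is an added example, not Field Effect's or SolarWinds' code, and works over a constructed software inventory. It takes the fixed version (2024.3) from the advisory above; the assumptions are that later builds (for example a hypothetical 2024.3.1) also carry the fixes, that inventory product names contain "Access Rights Manager", and that a version string that cannot be parsed is a finding to review rather than something to skip silently.

```python
"""Flag SolarWinds Access Rights Manager installs older than the patched 2024.3 release.

Added example: the inventory below is constructed, not real data.
"""
import re
from typing import Dict, List, Optional, Tuple

# First release containing the fixes, per the advisory.
FIXED_VERSION: Tuple[int, ...] = (2024, 3)

# Assumption: inventory product names for ARM contain this substring.
ARM_PRODUCT_MARKER = "Access Rights Manager"


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn a dotted version such as '2023.2.1' into a tuple of ints.

    Returns None for anything that is not a plain dotted-numeric string,
    so callers can treat it as an unknown that needs manual review.
    """
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", version)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True if the version sorts before the fixed release.

    Tuple comparison handles mixed lengths: (2024, 3) < (2024, 3, 1) is True,
    so a hypothetical 2024.3.1 counts as patched (assumption: later builds keep
    the fixes), while (2023, 2, 1) < (2024, 3) flags the older release.
    """
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unparseable version string: {version!r}")
    return parsed < FIXED_VERSION


def triage_inventory(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Split ARM hosts into vulnerable / patched / unknown buckets.

    Non-ARM products are ignored; entries whose version cannot be parsed
    land in 'unknown' so they are not lost from the review list.
    """
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for entry in inventory:
        if ARM_PRODUCT_MARKER not in entry.get("product", ""):
            continue
        host = entry["host"]
        try:
            bucket = "vulnerable" if is_vulnerable(entry.get("version", "")) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "arm-01", "product": "SolarWinds Access Rights Manager", "version": "2023.2.1"},
    {"host": "arm-02", "product": "SolarWinds Access Rights Manager", "version": "2024.3"},
    {"host": "arm-03", "product": "SolarWinds Access Rights Manager", "version": "2024.3.1"},
    {"host": "arm-04", "product": "SolarWinds Access Rights Manager", "version": "n/a"},
    {"host": "ftp-01", "product": "SolarWinds Serv-U", "version": "15.4.2"},
]


if __name__ == "__main__":
    triage = triage_inventory(SAMPLE_INVENTORY)
    for bucket, hosts in triage.items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Hosts in the "vulnerable" list are the ones the advisory says to update to 2024.3 or later; "unknown" entries need a manual version check before they can be cleared.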