SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

(CVE-2023-35181)

Summary

The SolarWinds Access Rights Manager was susceptible to Privilege
Escalation Vulnerability. This vulnerability allows users to abuse
incorrect folder permission resulting in Privilege Escalation.

Affected Products

SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

SolarWinds ARM 2023.2.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

7.8 High

Advisory ID

CVE-2023-35181

First Published

10/18/2023

Last Published

10/18/2023

Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:7.8:AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H