SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability

(CVE-2023-35182)

Summary

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

Affected Products

SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

SolarWinds ARM 2023.2.1

Acknowledgments

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day InitiativeTrend Micro Zero Day Initiative.

Advisory Details

Severity

8.8 High

Advisory ID

CVE-2023-35182

First Published

10/18/2023

Last Published

10/18/2023

Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:8.8AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H