SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability

(CVE-2023-35185)

Summary

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.

Affected Products

SolarWinds ARM 2023.2.0.73 and prior versions

Fixed Software Release

SolarWinds ARM 2023.2.1

Acknowledgments

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative

Advisory Details

Severity

8.8 High

Advisory ID

First Published

10/18/2023

Last Updated

10/18/2023

Fixed Version

SolarWinds ARM 2023.2.1

CVSS Score

CVSS:8.8AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H