Directory Traversal Remote Code Execution Vulnerability 

(CVE-2023-40054)

Summary

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

We found this issue was not resolved in CVE-2023-33226. SolarWinds recommends all customers should upgrade to SolarWinds Platform 2023.4 .1

Affected Products

  • Network Configuration Manager 2023.4 and previous versions

Fixed Software Release

Acknowledgments

  • SolarWinds Security Team

Advisory Details

Severity

8.0 High

Advisory ID

First Published

11/01/2023