Directory Traversal Remote Code Execution Vulnerability (CVE-2023-40054)
Summary
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
We found this issue was not resolved in CVE-2023-33226. SolarWinds recommends all customers should upgrade to SolarWinds Platform 2023.4 .1
Affected Products
- Network Configuration Manager 2023.4 and previous versions
Fixed Software Release
Acknowledgments
- SolarWinds Security Team
Advisory Details
Severity
High
Advisory ID
First Published
11/01/2023
Fixed Version