Directory Traversal Remote Code Execution Vulnerability

(CVE-2023-40054)

Summary

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

We found this issue was not resolved in CVE-2023-33226. SolarWinds recommends all customers should upgrade to SolarWinds Platform 2023.4 .1

Affected Products

Network Configuration Manager 2023.4 and previous versions

Fixed Software Release

Network Configuration Manager 2023.4.1

Acknowledgments

SolarWinds Security Team

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-40054

First Published

11/01/2023

Fixed Version

Network Configuration Manager 2023.4.1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H