Directory Traversal Remote Code Execution Vulnerability
(CVE-2023-40055)
Summary
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability would allow a low-level user to perform the actions with SYSTEM privileges.
We found this issue was not resolved in CVE-2023-33227. SolarWinds recommends all customers should upgrade to Network Configuration Manager 2023.4.1.
Affected Products
2023.4 and previous versions
Fixed Software Release
Network Configuration Manager 2023.4.1
Acknowledgments
SolarWinds Security Team
Advisory Details
Severity
8.0 High
Advisory ID
First Published
11/01/2023