Directory Traversal Remote Code Execution Vulnerability

(CVE-2023-40055)

Summary

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability would allow a low-level user to perform the actions with SYSTEM privileges.

We found this issue was not resolved in CVE-2023-33227. SolarWinds recommends all customers should upgrade to Network Configuration Manager 2023.4.1.

Affected Products

2023.4 and previous versions

Fixed Software Release

Network Configuration Manager 2023.4.1

Acknowledgments

SolarWinds Security Team

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-40055

First Published

11/01/2023

Fixed Version

Network Configuration Manager 2023.4.1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H