Directory Traversal Remote Code Execution Vulnerability 

(CVE-2023-40055)

Summary

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability would allow a low-level user to perform the actions with SYSTEM privileges.

We found this issue was not resolved in CVE-2023-33227. SolarWinds recommends all customers should upgrade to Network Configuration Manager 2023.4.1.

Affected Products

2023.4 and previous versions

Fixed Software Release

Network Configuration Manager 2023.4.1

Acknowledgments

SolarWinds Security Team



Advisory Details

Severity

8.0 High

Advisory ID

First Published

11/01/2023