SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

(CVE-2024-45710)

Summary

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.

We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Affected Products

SolarWinds Platform 2024.2.1 and all previous versions

Fixed Software Release

SolarWinds Platform 2024.4

Acknowledgments

Will Dormann working with Trend Micro Zero Day Initiative

Advisory Details

Severity

7.8 High

Advisory ID

CVE-2024-45710

First Published

10/17/2024

Fixed Version

SolarWinds Platform 2024.4

CVSS Score

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H