SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-33225)

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

Affected Products

SolarWinds Platform 2023.2.1 and prior versions

Fixed Software Release

SolarWinds Platform 2023.3

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

Medium

Advisory ID

CVE-2023-33225

First Published

07/18/2023

Last Published

07/18/2023

Fixed Version

SolarWinds Platform 2023.3

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Download PDF

Send an Email