SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2024-45710)

Summary

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.

We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

Affected Products

SolarWinds Platform 2024.2.1 and all previous versions

Fixed Software Release

SolarWinds Platform 2024.4

Acknowledgments

Will Dormann working with Trend Micro Zero Day Initiative

Advisory Details
Severity
High
Advisory ID

CVE-2024-45710

First Published
10/17/2024
Fixed Version

SolarWinds Platform 2024.4

CVSS Score

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email