SolarWinds, the company whose Orion software was compromised in the 2020 supply-chain attack, has released security updates for its Access Rights Manager (ARM) product, which organizations use to provision, manage and audit user access rights across Microsoft environments such as Active Directory, Exchange and SharePoint. The updates address five remote code execution (RCE) vulnerabilities, three of which are rated critical.
Three critical RCE flaws in ARM
The critical vulnerabilities, tracked as CVE-2023-40057, CVE-2024-23476 and CVE-2024-23479, were discovered and reported through Trend Micro’s Zero Day Initiative (ZDI). They stem from unsafe deserialization of untrusted data and from insufficient validation of caller-supplied file paths. If exploited, they allow code execution in the context of the SolarWinds service account or the SYSTEM user; the deserialization flaw requires an authenticated user, while the two path-handling flaws can be reached without authentication.
According to SolarWinds’ advisory, CVE-2023-40057 is a flaw in the createGlobalServerChannelInternal method that results in deserialization of untrusted data. CVE-2024-23476 and CVE-2024-23479 are directory traversal bugs in the OpenFile and OpenClientUpdateFile methods, respectively: each accepts a caller-supplied path without confining it to the intended directory, so an attacker can reach files outside it, and in these cases that is enough to obtain code execution.
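To make the directory traversal pattern concrete, here is an illustrative Python example added to this article. It is not SolarWinds code and says nothing about how OpenFile or OpenClientUpdateFile are actually implemented; the resolver functions, directory layout, file names and request strings are all constructed for the demonstration. It shows the naive "join the caller's path onto the base directory" pattern beside a hardened resolver that canonicalises the result and rejects anything that escapes, including percent-encoded and Windows-style traversal strings.

```python
"""Illustrative directory-traversal check (added example, not SolarWinds code).

The advisory names file-serving methods (OpenFile, OpenClientUpdateFile) whose
path handling lets a caller escape the intended directory. The hypothetical
resolvers below show the unsafe pattern and a hardened one. Directory layout,
file names and request strings are all constructed for this demonstration.
"""
import os
import tempfile
from urllib.parse import unquote

# Constructed client requests: one legitimate, four traversal attempts.
CONSTRUCTED_REQUESTS = [
    "update.txt",              # legitimate client update file
    "../secret.key",           # classic dot-dot traversal
    "..%2F..%2Fsecret.key",    # percent-encoded separators
    "..\\..\\secret.key",      # Windows-style separators
    "/etc/passwd",             # absolute path
]


def resolve_unsafe(base_dir: str, requested: str) -> str:
    """Naive join: trusts the caller-supplied relative path as-is."""
    return os.path.join(base_dir, requested)


def resolve_safe(base_dir: str, requested: str) -> str:
    """Canonicalise the target and confirm it stays inside base_dir.

    Handles '..' segments, absolute paths, percent-encoding and both
    separator styles; raises ValueError for anything that escapes.
    """
    base = os.path.realpath(base_dir)
    # Decode once so '%2e%2e%2f' is treated like '../'.
    decoded = unquote(requested)
    # Normalise Windows separators so '..\\..\\x' is not mistaken for a
    # single odd filename on POSIX hosts.
    decoded = decoded.replace("\\", "/")
    if os.path.isabs(decoded):
        raise ValueError("absolute path rejected")
    target = os.path.realpath(os.path.join(base, decoded))
    # commonpath is safer than a startswith() prefix check, which would
    # accept /srv/updates-evil as being inside /srv/updates.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return target


def run_traversal_demo() -> dict:
    """Build a throwaway tree, exercise both resolvers and return the results."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "updates")
    os.mkdir(base)
    with open(os.path.join(base, "update.txt"), "w") as f:
        f.write("constructed update payload\n")
    with open(os.path.join(root, "secret.key"), "w") as f:
        f.write("constructed secret outside the served directory\n")

    verdicts = {}
    for req in CONSTRUCTED_REQUESTS:
        try:
            resolve_safe(base, req)
            verdicts[req] = "allowed"
        except ValueError:
            verdicts[req] = "blocked"

    # The naive resolver hands back the sibling secret without complaint.
    leaked = os.path.realpath(resolve_unsafe(base, "../secret.key"))
    expected = os.path.realpath(os.path.join(root, "secret.key"))
    unsafe_reads_secret = os.path.isfile(leaked) and leaked == expected
    return {"verdicts": verdicts, "unsafe_reads_secret": unsafe_reads_secret}


if __name__ == "__main__":
    for request, verdict in run_traversal_demo()["verdicts"].items():
        print(f"{verdict:8} {request}")
```

The check is done after canonicalisation with os.path.realpath rather than on the raw string, because string-level filters for ".." miss encoded and mixed-separator variants, and the containment test uses os.path.commonpath rather than a prefix comparison so that a sibling directory sharing the base name is not accepted.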
SolarWinds also patches two high-severity bugs in Orion Platform
In addition to the five RCE vulnerabilities in ARM, SolarWinds disclosed two high-severity bugs in its Orion Platform, the product at the center of the 2020 attack. The two, CVE-2023-50395 and CVE-2023-35188, are SQL injection vulnerabilities, one reachable through an update statement and the other through a create statement. SolarWinds said both require an authenticated user to exploit and that it has seen no evidence of exploitation in the wild. The authentication requirement narrows the exposure but does not remove it: any low-privileged account that can reach the affected statements is a viable starting point.
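The advisory describes the Orion bugs only as SQL injection reachable by an authenticated user, so the following Python example, added here and not taken from SolarWinds, uses a hypothetical profile-update routine and a constructed in-memory users table to show why "authenticated only" is still serious: a viewer-level account turns a string-built UPDATE into a role change, while the parameterised version stores the same payload harmlessly as a literal.

```python
"""Illustrative SQL injection through an UPDATE statement (added example).

Orion's bugs are described only as SQL injection reachable by an authenticated
user via an update statement and a create statement; no SolarWinds code is
shown here. This hypothetical profile-update routine, with a constructed
users table, shows how a low-privileged but authenticated caller turns a
string-built UPDATE into a privilege escalation, and the parameterised fix.
"""
import sqlite3

# Constructed payload: closes the display_name literal, appends a second
# SET column, supplies its own WHERE clause and comments out the real one.
PAYLOAD = "Alice', role='admin' WHERE username='alice' --"


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with two constructed accounts."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, display_name TEXT, role TEXT)"
    )
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "Alice", "viewer"), ("bob", "Bob", "admin")],
    )
    con.commit()
    return con


def update_display_name_vulnerable(con, username: str, new_name: str) -> str:
    """String-built UPDATE: caller-controlled text becomes part of the SQL."""
    sql = f"UPDATE users SET display_name='{new_name}' WHERE username='{username}'"
    con.execute(sql)
    con.commit()
    return sql  # returned so the reader can see what was actually executed


def update_display_name_safe(con, username: str, new_name: str) -> None:
    """Parameterised UPDATE: the value is bound, never parsed as SQL."""
    con.execute(
        "UPDATE users SET display_name=? WHERE username=?", (new_name, username)
    )
    con.commit()


def fetch_user(con, username: str) -> tuple:
    """Return (display_name, role) for a user."""
    return con.execute(
        "SELECT display_name, role FROM users WHERE username=?", (username,)
    ).fetchone()


def run_sqli_demo() -> dict:
    """Apply the same payload through both code paths and report the outcome."""
    vuln = make_db()
    executed = update_display_name_vulnerable(vuln, "alice", PAYLOAD)
    vuln_name, vuln_role = fetch_user(vuln, "alice")

    safe = make_db()
    update_display_name_safe(safe, "alice", PAYLOAD)
    safe_name, safe_role = fetch_user(safe, "alice")

    return {
        "executed_sql": executed,
        "vulnerable_role": vuln_role,   # 'admin': injection rewrote the row
        "vulnerable_name": vuln_name,
        "safe_role": safe_role,         # 'viewer': role untouched
        "safe_name": safe_name,         # the whole payload stored as a literal
    }


if __name__ == "__main__":
    result = run_sqli_demo()
    print(result["executed_sql"])
    print("vulnerable path ->", result["vulnerable_role"])
    print("parameterised path ->", result["safe_role"], "|", result["safe_name"])
```

The executed statement in the vulnerable path reads `UPDATE users SET display_name='Alice', role='admin' WHERE username='alice' --' WHERE username='alice'`; everything after `--` is a comment, so the application's own WHERE clause never runs. The same shape applies to an INSERT or CREATE built by concatenation, which is why bound parameters, not input filtering, are the fix.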
The Orion Platform is a suite of network management tools used by thousands of customers, including government agencies and Fortune 500 companies. In 2020, attackers compromised SolarWinds’ build process and inserted a backdoor, known as SUNBURST, into signed Orion software updates, giving them a foothold in the networks of customers that installed them and allowing them to steal sensitive data. The attack was attributed to the Russian state-sponsored group tracked as APT29 or Cozy Bear.
SolarWinds urges customers to apply the security updates as soon as possible
SolarWinds has patched the vulnerabilities in the latest versions of its software, ARM 2023.2.3 and Orion Platform 2023.2.6, and advises customers to apply the updates as soon as possible to protect their systems. The company has also provided mitigation steps for customers who cannot update immediately. Because two of the ARM flaws can be exploited without credentials, limiting network access to the ARM server until it is patched is a sensible interim measure regardless of which mitigations are applied.
SolarWinds has been working to improve its security posture and regain the trust of its customers after the 2020 cyberattack. The company has hired a new chief information security officer, hired external security experts, implemented new security tools and processes, and launched a secure by design program. SolarWinds has also cooperated with law enforcement and government agencies to investigate the attack and prevent future incidents.