CVE-2024-28075 (GCVE-0-2024-28075)

Vulnerability from cvelistv5 – Published: 2024-05-09 12:42 – Updated: 2024-08-02 00:48
VLAI?
Title
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution
Summary
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity ?
9 (Critical)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
SolarWinds Access Rights Manager Affected: previous versions , ≤ 2023.2.3 (2023.2.3)
Create a notification for this product.
Credits
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:solarwinds:access_rights_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "access_rights_manager",
            "vendor": "solarwinds",
            "versions": [
              {
                "lessThan": "2023.2.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T14:13:32.125480Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T16:14:26.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:48.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Access Rights Manager",
          "vendor": "SolarWinds",
          "versions": [
            {
              "lessThanOrEqual": "2023.2.3",
              "status": "affected",
              "version": "previous versions",
              "versionType": "2023.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
        }
      ],
      "datePublic": "2024-05-09T09:02:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \u003cbr\u003e\u003cbr\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   "
            }
          ],
          "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   "
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T12:42:44.975Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm"
        },
        {
          "url": "https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\u003cbr\u003e"
            }
          ],
          "value": "All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2024-28075",
    "datePublished": "2024-05-09T12:42:44.975Z",
    "dateReserved": "2024-03-01T08:53:44.513Z",
    "dateUpdated": "2024-08-02T00:48:48.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \\n\\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   \"}, {\"lang\": \"es\", \"value\": \"SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecuci\\u00f3n remota de c\\u00f3digo. Agradecemos a Trend Micro Zero Day Initiative (ZDI) por su asociaci\\u00f3n continua para coordinar con SolarWinds la divulgaci\\u00f3n responsable de esta y otras vulnerabilidades potenciales.\"}]",
      "id": "CVE-2024-28075",
      "lastModified": "2024-11-21T09:05:45.687",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@solarwinds.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}]}",
      "published": "2024-05-14T15:13:53.397",
      "references": "[{\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\", \"source\": \"psirt@solarwinds.com\"}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\", \"source\": \"psirt@solarwinds.com\"}, {\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\", \"source\": \"psirt@solarwinds.com\"}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@solarwinds.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"psirt@solarwinds.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-28075\",\"sourceIdentifier\":\"psirt@solarwinds.com\",\"published\":\"2024-05-14T15:13:53.397\",\"lastModified\":\"2025-02-26T18:44:52.290\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \\n\\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   \"},{\"lang\":\"es\",\"value\":\"SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo. Agradecemos a Trend Micro Zero Day Initiative (ZDI) por su asociaci\u00f3n continua para coordinar con SolarWinds la divulgaci\u00f3n responsable de esta y otras vulnerabilidades potenciales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@solarwinds.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@solarwinds.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2.4\",\"matchCriteriaId\":\"1054025C-3B73-4F7B-A445-43410249B1B7\"}]}]}],\"references\":[{\"url\":\"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\",\"source\":\"psirt@solarwinds.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\",\"source\":\"psirt@solarwinds.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\",\"source\":\"psirt@solarwinds.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:48:48.249Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28075\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-05T14:13:32.125480Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:solarwinds:access_rights_manager:-:*:*:*:*:*:*:*\"], \"vendor\": \"solarwinds\", \"product\": \"access_rights_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2023.2.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-09T15:37:29.065Z\"}}], \"cna\": {\"title\": \"SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative\"}], \"impacts\": [{\"capecId\": \"CAPEC-253\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-253 Remote Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SolarWinds\", \"product\": \"Access Rights Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"previous versions\", \"versionType\": \"2023.2.3\", \"lessThanOrEqual\": \"2023.2.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.4\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-05-09T09:02:00.000Z\", \"references\": [{\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075\"}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm\"}, {\"url\": \"https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \\n\\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   \", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. \u003cbr\u003e\u003cbr\u003eWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.   \", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"49f11609-934d-4621-84e6-e02e032104d6\", \"shortName\": \"SolarWinds\", \"dateUpdated\": \"2024-05-09T12:42:44.975Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-28075\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T00:48:48.249Z\", \"dateReserved\": \"2024-03-01T08:53:44.513Z\", \"assignerOrgId\": \"49f11609-934d-4621-84e6-e02e032104d6\", \"datePublished\": \"2024-05-09T12:42:44.975Z\", \"assignerShortName\": \"SolarWinds\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.