Security researchers have uncovered three critical remote code execution (RCE) vulnerabilities within the SolarWinds Access Rights Manager (ARM) product. These vulnerabilities could potentially be exploited by remote attackers to run privileged code with SYSTEM-level access.
SolarWinds Access Rights Manager (ARM) is a tool for managing and auditing user access rights across an organization's IT infrastructure. It integrates with Microsoft Active Directory, implements role-based access control, provides visual reporting of permissions, and offers a range of additional features.
Researchers from Trend Micro’s Zero Day Initiative (ZDI) reported a total of eight vulnerabilities in the SolarWinds solution on June 22, with three of them categorized as having critical severity.
The vendor promptly resolved all the identified vulnerabilities earlier this week by releasing a patch in version 2023.2.1 of Access Rights Manager.
Here are the descriptions and corresponding ID numbers for the three critical remote code execution (RCE) vulnerabilities.
- CVE-2023-35182 (Severity 9.8): Unauthenticated remote attackers can execute arbitrary code with SYSTEM-level privileges through deserialization of untrusted data in the “createGlobalServerChannelInternal” method.
- CVE-2023-35185 (Severity 9.8): External attackers can execute arbitrary code with SYSTEM-level access due to insufficient validation of user-supplied paths in the “OpenFile” method.
- CVE-2023-35187 (Severity 9.8): Unauthenticated remote attackers can execute arbitrary code in the SYSTEM context, without authentication, because of a lack of verification of user-supplied paths in the “OpenClientUpdateFile” method.
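Two of the three flaws are described as missing validation of user-supplied paths in file-opening methods. The following is an added, constructed illustration of that weakness class and of a check that confines a path to an allowed directory; it is not SolarWinds code, and the internals of the real “OpenFile” and “OpenClientUpdateFile” methods are not on this page. The root directory name is a placeholder, and `ntpath` is used so Windows path semantics apply wherever the script runs.

```python
import ntpath
from typing import Optional

# Placeholder root that a file-serving method is meant to stay inside (constructed, not ARM's real path).
ALLOWED_ROOT = r"C:\ARM\ClientUpdates"


def naive_open_file_check(user_path: str) -> bool:
    """Weak check: inspects only the raw string the caller sent.

    It accepts sibling directories that merely share the prefix and never
    canonicalizes '..' segments, so it does not actually confine the path.
    """
    return user_path.startswith(ALLOWED_ROOT)


def confined_path(user_path: str, root: str = ALLOWED_ROOT) -> Optional[str]:
    """Resolve the caller-supplied path against `root` and confirm it stays inside.

    Returns the canonical Windows path when it lies within `root`, else None.
    Handles '..' traversal, absolute paths, other drives, UNC paths and
    case differences (Windows paths are case-insensitive).
    """
    # join() lets an absolute or drive-qualified user path replace root entirely;
    # normpath() collapses '..' and '.' segments and unifies separators.
    candidate = ntpath.normpath(ntpath.join(root, user_path))
    root_norm = ntpath.normpath(root)
    try:
        # commonpath() compares whole components case-insensitively, so a sibling
        # such as ClientUpdatesEvil is not mistaken for the root.
        shared = ntpath.commonpath([root_norm, candidate])
    except ValueError:
        # Raised when the paths are on different drives or one is a UNC path:
        # they cannot share a root, so the candidate is outside.
        return None
    return candidate if shared.lower() == root_norm.lower() else None


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate relative path, then several that escape the root.
    for sample in [r"patch\update.msi", r"..\..\Windows\win.ini",
                   r"C:\ARM\ClientUpdatesEvil\x.dll", r"D:\x.dll", r"\\remotehost\share\x.dll"]:
        print(f"{sample!r:40} naive={naive_open_file_check(sample)!s:5} confined={confined_path(sample)}")
```

The naive check passes the sibling-directory case and fails to see traversal at all; the confining check returns a usable canonical path only for the legitimate input.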
Running code under the “SYSTEM” account on Windows computers signifies that it operates with the utmost privileges within the system.
“SYSTEM” is an internal account exclusively designated for the operating system and its associated services. When attackers achieve this level of privilege, they gain unrestricted control over all files on the victim’s machine.