CVE-2023-35186

8.0 HIGH

📋 TL;DR

This vulnerability allows authenticated users of SolarWinds Access Rights Manager to execute arbitrary code remotely by abusing SolarWinds services. It affects organizations using vulnerable versions of SolarWinds ARM, potentially enabling attackers to gain full control of affected systems.

💻 Affected Systems

Products:
  • SolarWinds Access Rights Manager
Versions: prior to 2023.2.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the SolarWinds ARM interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to data theft, lateral movement across the network, and persistent backdoor installation.

🟠 Likely Case

Privilege escalation leading to unauthorized access to sensitive systems and data within the ARM environment.

🟢 If Mitigated

Limited impact where network segmentation and strong authentication controls restrict which users can reach the ARM interface.

🌐 Internet-Facing: HIGH if ARM is exposed to the internet, as authenticated attackers could gain remote code execution.
🏢 Internal Only: HIGH as authenticated internal users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but the underlying weakness class, CWE-502 (Deserialization of Untrusted Data), suggests that exploitation is straightforward once that access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.2.1

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186

Restart Required: Yes

Instructions:

1. Download SolarWinds ARM 2023.2.1 from the SolarWinds Customer Portal.
2. Back up the current configuration.
3. Run the installer with administrative privileges.
4. Restart services as prompted.

🔧 Temporary Workarounds

Restrict Access (applies to: all)

Limit network access to SolarWinds ARM to only trusted administrative networks and users.

Strengthen Authentication (applies to: all)

Enforce multi-factor authentication and strong password policies for all ARM user accounts.

🧯 If You Can't Patch

  • Implement network segmentation to isolate SolarWinds ARM from critical systems.
  • Monitor for unusual authentication patterns and file creation/modification activities on ARM servers.

🔍 How to Verify

Check if Vulnerable:

Check SolarWinds ARM version in the web interface under Help > About or via Windows Programs and Features.

Check Version:

No dedicated version command is available; check the version via the GUI or in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Access Rights Manager.

Verify Fix Applied:

Confirm version is 2023.2.1 or later in the ARM interface and verify services are running normally.
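The version check above, as an added PowerShell example that is not part of the advisory. It assumes the product key under HKLM\SOFTWARE\SolarWinds\Access Rights Manager carries a "Version" value (value name assumed, not given by the advisory) and otherwise falls back to the Windows uninstall entries that back Programs and Features.

```powershell
# Added example: report the installed SolarWinds ARM version and compare it
# with the fixed release 2023.2.1 for CVE-2023-35186.
$FixedVersion = [version]'2023.2.1'
$ArmKey       = 'HKLM:\SOFTWARE\SolarWinds\Access Rights Manager'

function ConvertTo-VersionSafe {
    param([string]$Text)
    # Vendor version strings may carry suffixes; fall back to $null rather than throw.
    try { return [version]$Text } catch { return $null }
}

function Get-ArmVersion {
    # 1. Product key named in the advisory (value name "Version" is an assumption).
    if (Test-Path $ArmKey) {
        $v = (Get-ItemProperty -Path $ArmKey -ErrorAction SilentlyContinue).Version
        if ($v) { $parsed = ConvertTo-VersionSafe $v; if ($parsed) { return $parsed } }
    }
    # 2. Fallback: the uninstall entries shown in Programs and Features (64- and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Access Rights Manager*' } |
        Select-Object -First 1
    if ($entry -and $entry.DisplayVersion) { return ConvertTo-VersionSafe $entry.DisplayVersion }
    return $null
}

$installed = Get-ArmVersion
if (-not $installed) {
    Write-Output 'SolarWinds ARM not found in the registry on this host (or version unreadable).'
} elseif ($installed -lt $FixedVersion) {
    Write-Output "VULNERABLE: ARM $installed is older than $FixedVersion; apply the 2023.2.1 update."
} else {
    Write-Output "OK: ARM $installed is $FixedVersion or later."
}
```

Run it in an elevated PowerShell session on each ARM server; a hit from the fallback path alone means the product key does not expose a version value and the GUI check in Help > About should confirm the result.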

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from SolarWinds services
  • Authentication from unexpected IP addresses
  • Deserialization errors in application logs

Network Indicators:

  • Unusual outbound connections from ARM server
  • Traffic to unexpected ports from ARM service

SIEM Query:

source="solarwinds-arm" AND (event_type="process_creation" OR event_type="deserialization_error")

🔗 References
