CVE-2023-40062 – This vulnerability in SolarWinds Platform allow... (How to Fix)

Q: What is the severity of CVE-2023-40062?

CVE-2023-40062 has a CVSS score of 8.0 (HIGH). This vulnerability in SolarWinds Platform allows a low-privileged authenticated user to execute arbitrary code with SYSTEM privileges due to incomplete input validation. It affects SolarWinds Hybrid Cloud Observability installations. Attackers could gain complete control of affected systems.

📋 TL;DR

This vulnerability in SolarWinds Platform allows a low-privileged authenticated user to execute arbitrary code with SYSTEM privileges due to incomplete input validation. It affects SolarWinds Hybrid Cloud Observability installations. Attackers could gain complete control of affected systems.

💻 Affected Systems

Products:

SolarWinds Hybrid Cloud Observability

Versions: Versions prior to 2023.4

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated low-privileged access. SolarWinds Platform installations with Hybrid Cloud Observability components are affected.

📦 What is this software?

Solarwinds Platform by Solarwinds

View all CVEs affecting Solarwinds Platform →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining SYSTEM privileges, enabling lateral movement, data exfiltration, and persistent backdoor installation across the network.

🟠

Likely Case

Privilege escalation from low-privileged user to SYSTEM, allowing installation of malware, credential harvesting, and further network exploitation.

🟢

If Mitigated

Limited impact with proper network segmentation, least privilege access, and monitoring preventing successful exploitation or containing damage.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is considered low complexity once access is obtained. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.4 or later

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062

Restart Required: Yes

Instructions:

1. Download SolarWinds Hybrid Cloud Observability 2023.4 or later from the SolarWinds Customer Portal. 2. Backup current configuration and database. 3. Run the installer with administrative privileges. 4. Follow upgrade wizard instructions. 5. Restart services as prompted.

🔧 Temporary Workarounds

Restrict User Access

all

Limit low-privileged user accounts to only essential personnel and implement strict access controls.

Network Segmentation

all

Isolate SolarWinds servers from critical network segments and implement firewall rules to restrict access.

🧯 If You Can't Patch

Implement strict network segmentation to isolate SolarWinds servers from critical assets
Enforce least privilege access controls and monitor all user activity on SolarWinds systems

🔍 How to Verify

Check if Vulnerable:

Check SolarWinds version in web interface under Settings > All Settings > Product Information, or check installed version in Windows Programs and Features.

Check Version:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*SolarWinds*'} | Select-Object Name, Version

Verify Fix Applied:

Verify version is 2023.4 or later and check that all SolarWinds services are running properly after update.

📡 Detection & Monitoring

Log Indicators:

Unusual process execution from SolarWinds services
Privilege escalation attempts in Windows Event Logs
Unexpected command execution in SolarWinds logs

Network Indicators:

Unusual outbound connections from SolarWinds servers
Suspicious PowerShell or command execution traffic

SIEM Query:

source="windows" EventCode=4688 ProcessName="*SolarWinds*" OR ParentProcessName="*SolarWinds*" | stats count by host, ProcessName, CommandLine

📊 Metadata

CVE ID: CVE-2023-40062

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: November 1, 2023

Last Updated: November 21, 2024

🔗 References

https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062 Patch,Vendor Advisory
https://documentation.solarwinds.com/en/success_center/hco/content/release_notes/hco_2023-4_release_notes.htm Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40062 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-40062, you might also want to check these: