CVE-2024-23466

9.6 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to traverse directories and execute arbitrary code with SYSTEM privileges on SolarWinds Access Rights Manager. All organizations running vulnerable versions of SolarWinds ARM are affected, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • SolarWinds Access Rights Manager
Versions: Versions prior to 2024.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with SYSTEM privileges, enabling data theft, ransomware deployment, and persistent backdoor installation across the network.

🟠 Likely Case

Initial access leading to privilege escalation, lateral movement, and credential harvesting from the compromised ARM server.

🟢 If Mitigated

Limited impact if network segmentation and strict access controls prevent exploitation attempts from reaching vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal combined with RCE typically has low exploitation complexity. Unauthenticated access makes this particularly dangerous.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3

Vendor Advisory: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Restart Required: Yes

Instructions:

1. Download SolarWinds ARM 2024.3 from the SolarWinds customer portal.
2. Back up the current configuration and database.
3. Run the installer with administrative privileges.
4. Restart the ARM service and verify functionality.

🔧 Temporary Workarounds

Network Segmentation (Scope: all)

Isolate the ARM server from untrusted networks and restrict access to authorized IPs only.

Web Application Firewall (Scope: all)

Deploy a WAF with directory traversal and RCE protection rules.

🧯 If You Can't Patch

  • Immediately remove internet-facing exposure and restrict network access to ARM server
  • Implement strict monitoring and alerting for suspicious file access patterns and process creation

🔍 How to Verify

Check if Vulnerable:

Check the ARM version in the SolarWinds ARM web interface under Help > About. If the version is earlier than 2024.3, the system is vulnerable.

Check Version:

Not applicable: read the ARM version from the web interface or from Windows Services.

Verify Fix Applied:

Confirm that Help > About shows 2024.3 or later, and that test directory traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path access patterns in ARM logs
  • Unexpected process creation with SYSTEM privileges
  • Failed authentication attempts followed by successful exploitation

Network Indicators:

  • Unusual outbound connections from ARM server
  • Traffic patterns indicating file upload or code execution

SIEM Query:

source="solarwinds-arm" AND (path="*../*" OR process="*powershell*" OR process="*cmd*" OR user="SYSTEM")
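As an added example (not part of the original advisory and not SolarWinds code), a small Python filter that applies the detection logic above to constructed ARM-style log lines. It goes one step further than the literal `*../*` pattern in the SIEM query by normalising URL-encoded and backslash traversal sequences, which that pattern would miss. The key="value" log format, field names and sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in an assumed key="value" format; not real ARM log output.
SAMPLE_LOGS = [
    'source="solarwinds-arm" path="/api/files/report.pdf" user="jdoe" process=""',
    'source="solarwinds-arm" path="/api/files/..%2F..%2Fwindows%2Fwin.ini" user="" process=""',
    'source="solarwinds-arm" path="/api/files/..\\..\\config\\app.config" user="" process=""',
    'source="solarwinds-arm" path="" user="SYSTEM" process="C:\\Windows\\System32\\cmd.exe"',
    'source="solarwinds-arm" path="" user="SYSTEM" process="ArmServer.exe"',
    'source="other-app" path="../etc/passwd" user="root" process=""',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')
# Shell interpreters that should not normally be spawned by the ARM service as SYSTEM.
SUSPICIOUS_PROCS = ("cmd.exe", "powershell.exe", "pwsh.exe")

def parse(line):
    """Split a key="value" log line into a dict."""
    return dict(KV_RE.findall(line))

def normalize_path(path):
    """Decode URL encoding (twice, to catch double-encoding) and unify separators."""
    return unquote(unquote(path)).replace("\\", "/")

def has_traversal(path):
    """True if any path segment is '..' after normalisation."""
    return ".." in normalize_path(path).split("/")

def suspicious_system_process(event):
    """A shell interpreter running as SYSTEM matches the process/user indicators above."""
    proc = event.get("process", "").lower()
    return event.get("user") == "SYSTEM" and proc.endswith(SUSPICIOUS_PROCS)

def classify(line):
    """Return the matching rule name for an ARM log line, or None if it is benign."""
    event = parse(line)
    if event.get("source") != "solarwinds-arm":
        return None
    if has_traversal(event.get("path", "")):
        return "traversal"
    if suspicious_system_process(event):
        return "system-shell"
    return None

def find_alerts(lines):
    """Return (rule, line) pairs for every line that triggers a detection rule."""
    alerts = []
    for line in lines:
        rule = classify(line)
        if rule:
            alerts.append((rule, line))
    return alerts
```

Running `find_alerts(SAMPLE_LOGS)` flags the encoded and backslash traversal lines plus the SYSTEM-spawned cmd.exe, while the ARM service's own process and the non-ARM source are left alone.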
