CVE-2024-23471

9.6 CRITICAL

📋 TL;DR

This vulnerability allows an authenticated user of SolarWinds Access Rights Manager (ARM) to execute arbitrary code remotely: a directory traversal flaw lets the user abuse a SolarWinds service and achieve remote code execution on the ARM host. Organizations running vulnerable versions of ARM are affected; a successful exploit can give the attacker full control of the affected system.

💻 Affected Systems

Products:
  • SolarWinds Access Rights Manager
Versions: prior to 2024.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the SolarWinds ARM service

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data exfiltration, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

An attacker holding a low-privileged ARM account runs code in the context of the ARM service, gaining unauthorized access to the systems and data that ARM manages.

🟢

If Mitigated

Limited impact if proper network segmentation and authentication controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated ARM account, but low privileges suffice (CVSS 9.6 reflects PR:L with changed scope), and the attack is straightforward once a valid login is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3

Vendor Advisory: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Restart Required: Yes

Instructions:

1. Download SolarWinds ARM 2024.3 from the SolarWinds customer portal.
2. Run the installer with administrative privileges.
3. Follow the upgrade wizard.
4. Restart the ARM service after installation completes.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Restrict network access to SolarWinds ARM to only authorized management networks

Authentication Hardening

Applies to: all affected versions

Implement multi-factor authentication and strong password policies for ARM users

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the ARM service
  • Monitor for unusual authentication attempts and service abuse patterns

🔍 How to Verify

Check if Vulnerable:

Check the ARM version in the web interface under Help > About, or on the server in Programs and Features (the Windows Services console shows whether the service is running but not its version)

Check Version:

`sc query` does not return a product version, so first confirm the service is present and locate its binary, then read the file version of that binary:

sc query "SolarWinds ARM Service" | findstr /i "STATE"
sc qc "SolarWinds ARM Service" | findstr /i "BINARY_PATH_NAME"
powershell -Command "(Get-Item '<path from BINARY_PATH_NAME>').VersionInfo.ProductVersion"

Verify Fix Applied:

Confirm version shows 2024.3 or later in the ARM interface
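The following PowerShell is an added example for the verification step above; it is not SolarWinds tooling or code from this page. It reads the installed ARM version from the Windows uninstall registry entries and compares it with the patch version stated here using a numeric `[version]` comparison, which avoids the string-comparison trap where "2024.10" sorts before "2024.3". It assumes ARM registers an uninstall entry whose DisplayName contains "Access Rights Manager"; adjust the pattern if your installation differs.

```powershell
# Added example (not SolarWinds' own tooling): read the installed ARM version
# from the uninstall registry keys and compare it against the fixed release.
# Assumption: the ARM uninstall entry's DisplayName contains "Access Rights Manager".

function Get-ArmInstalledVersion {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Access Rights Manager*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Test-ArmPatched {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        [string]$FixedVersion = '2024.3'   # patch version given on this page
    )
    # [version] compares component by component (2024.10 > 2024.3),
    # which a plain string comparison gets wrong.
    return ([version]$InstalledVersion -ge [version]$FixedVersion)
}

$installed = Get-ArmInstalledVersion
if (-not $installed) {
    Write-Output 'ARM uninstall entry not found; read the version from Help > About instead.'
} elseif (Test-ArmPatched -InstalledVersion $installed) {
    Write-Output "ARM $installed is at or above 2024.3: not affected by CVE-2024-23471."
} else {
    Write-Output "ARM $installed is below 2024.3: vulnerable to CVE-2024-23471, upgrade."
}
```

Run it in an elevated PowerShell session on the ARM server. If the uninstall entry is missing (some installers register under a different name), fall back to the service binary's `VersionInfo.ProductVersion` or the Help > About page.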

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Unexpected service restarts
  • Suspicious process creation from ARM service

Network Indicators:

  • Unusual outbound connections from ARM server
  • Unexpected RPC or service communication

SIEM Query:

source="ARM_Logs" event_type="authentication" result="success" | stats count by user, src_ip | where count > 20

The value 20 is a starting threshold; tune it to the normal login rate for your ARM users. Note that this exploit needs only one successful login by a valid low-privileged account, so authentication volume alone is a weak signal; pair it with monitoring of processes spawned by the ARM service.
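The following PowerShell is an added example for the "suspicious process creation from ARM service" indicator above; it is not SolarWinds tooling or code from this page. It flags shells, script hosts and common living-off-the-land binaries whose parent process is the ARM service, which is what a post-exploitation payload for an RCE in the service would look like. It assumes the ARM binaries live under a path containing "\SolarWinds\ARM\" (the binary name "ArmServer.exe" in the sample is hypothetical), and that Security event 4688 is collected with command-line and parent-process fields enabled (Sysmon Event ID 1 carries the same fields). The sample records are constructed, not real telemetry.

```powershell
# Added example, not part of the original page or of any SolarWinds tooling.
# Flags shells/script hosts spawned by the ARM service process.
# Assumptions: ARM binaries sit under a path containing "\SolarWinds\ARM\";
# events carry TimeCreated, ParentProcessName, NewProcessName, CommandLine.

# Processes a management service has no business spawning.
$SuspiciousChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe',
                        'cscript.exe', 'mshta.exe', 'rundll32.exe', 'certutil.exe',
                        'bitsadmin.exe')

function Find-ArmSpawnedShells {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [string]$ArmPathPattern = '*\SolarWinds\ARM\*'   # assumed install path pattern
    )
    foreach ($e in $Events) {
        $child = [System.IO.Path]::GetFileName($e.NewProcessName).ToLowerInvariant()
        if ($e.ParentProcessName -like $ArmPathPattern -and $SuspiciousChildren -contains $child) {
            [pscustomobject]@{
                Time    = $e.TimeCreated
                Parent  = $e.ParentProcessName
                Child   = $e.NewProcessName
                Command = $e.CommandLine
            }
        }
    }
}

# Constructed sample records (not real telemetry), shaped like 4688 fields.
$Sample = @(
    [pscustomobject]@{
        TimeCreated       = '2024-07-18T02:14:07Z'
        ParentProcessName = 'C:\Program Files\SolarWinds\ARM\ArmServer.exe'   # hypothetical binary name
        NewProcessName    = 'C:\Windows\System32\cmd.exe'
        CommandLine       = 'cmd.exe /c whoami > C:\Windows\Temp\o.txt'
    },
    [pscustomobject]@{
        TimeCreated       = '2024-07-18T02:14:09Z'
        ParentProcessName = 'C:\Program Files\SolarWinds\ARM\ArmServer.exe'
        NewProcessName    = 'C:\Windows\System32\conhost.exe'   # benign console host
        CommandLine       = '\??\C:\Windows\system32\conhost.exe 0x4'
    },
    [pscustomobject]@{
        TimeCreated       = '2024-07-18T02:15:31Z'
        ParentProcessName = 'C:\Windows\explorer.exe'   # interactive admin, not the service
        NewProcessName    = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine       = 'powershell.exe'
    }
)

Find-ArmSpawnedShells -Events $Sample | Format-Table -AutoSize

# Against the live Security log, map 4688's positional properties to the same
# shape (on Windows 10 / Server 2016 and later, Properties[5] is NewProcessName,
# [8] is CommandLine and [13] is ParentProcessName):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } |
#     ForEach-Object {
#         [pscustomobject]@{
#             TimeCreated       = $_.TimeCreated
#             NewProcessName    = $_.Properties[5].Value
#             CommandLine       = $_.Properties[8].Value
#             ParentProcessName = $_.Properties[13].Value
#         }
#     }
# Find-ArmSpawnedShells -Events $live
```

Of the three constructed records, only the first is reported: its parent matches the ARM path pattern and its child is cmd.exe. The conhost.exe record is ignored because conhost is not in the watch list, and the powershell.exe record is ignored because its parent is explorer.exe, not the service. Tune the watch list and path pattern to your environment, and treat any hit as an incident rather than a tuning item, since the ARM service has no legitimate reason to launch a shell.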

🔗 References
