CVE-2024-23475 – CVE-2024-23475 is a critical directory traversa... (How to Fix)

Q: What is the severity of CVE-2024-23475?

CVE-2024-23475 has a CVSS score of 9.6 (CRITICAL). CVE-2024-23475 is a critical directory traversal vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to delete arbitrary files and access sensitive information. This affects all organizations running vulnerable versions of SolarWinds ARM. The vulnerability stems from improper path validation (CWE-22).

📋 TL;DR

CVE-2024-23475 is a critical directory traversal vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to delete arbitrary files and access sensitive information. This affects all organizations running vulnerable versions of SolarWinds ARM. The vulnerability stems from improper path validation (CWE-22).

💻 Affected Systems

Products:

SolarWinds Access Rights Manager

Versions: Versions prior to 2024.3

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Access Rights Manager by Solarwinds

View all CVEs affecting Access Rights Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, exposure of credentials and configuration data, and potential ransomware deployment.

🟠

Likely Case

Sensitive information disclosure including credentials, configuration files, and database information, leading to further system compromise.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, but still poses significant risk if exposed.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows remote attackers to compromise exposed systems without credentials.

🏢 Internal Only: HIGH - Even internally, unauthenticated access means any user on the network could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit with simple path manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3

Vendor Advisory: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3_release_notes.htm

Restart Required: Yes

Instructions:

1. Download SolarWinds ARM 2024.3 from the SolarWinds customer portal. 2. Backup current configuration and database. 3. Run the installer with administrative privileges. 4. Restart the ARM service and verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to SolarWinds ARM to only trusted administrative networks

Web Application Firewall

all

Implement WAF rules to block directory traversal patterns

🧯 If You Can't Patch

Immediately isolate the SolarWinds ARM server from all untrusted networks
Implement strict network access controls and monitor for suspicious file access patterns

🔍 How to Verify

Check if Vulnerable:

Check SolarWinds ARM version in the web interface under Help > About. If version is below 2024.3, the system is vulnerable.

Check Version:

Not applicable - check via web interface or Windows Services for version information

Verify Fix Applied:

Verify version is 2024.3 or higher in Help > About, then test that directory traversal attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Directory traversal strings in web logs (../, ..\, %2e%2e/)
Unauthenticated access to sensitive endpoints

Network Indicators:

Unusual outbound connections from ARM server
File deletion requests from unauthenticated sources

SIEM Query:

source="solarwinds_arm" AND (uri="*../*" OR uri="*..\\*" OR status=200 AND method=DELETE AND auth="none")

📊 Metadata

CVE ID: CVE-2024-23475

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-22

Published: July 17, 2024

Last Updated: February 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23475, you might also want to check these: