CVE-2024-45713

5.1 MEDIUM

📋 TL;DR

SolarWinds Kiwi CatTools can disclose sensitive information when a non-default troubleshooting setting is enabled. This affects administrators who have enabled this setting for diagnostic purposes, potentially exposing credentials or configuration data.

💻 Affected Systems

Products:
  • SolarWinds Kiwi CatTools
Versions: All versions prior to 4.4.1
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the non-default 'Enable Debug Logging' or a similar troubleshooting setting is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to administrative credentials, configuration files, or sensitive network information, leading to full system compromise or lateral movement.

🟠 Likely Case

Unauthorized users access debugging logs containing sensitive data like passwords, API keys, or device configurations.

🟢 If Mitigated

Limited exposure of non-critical debugging information if proper access controls and monitoring are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the system where the setting is enabled, typically through authenticated access or existing compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.1

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45713

Restart Required: Yes

Instructions:

1. Download Kiwi CatTools 4.4.1 from SolarWinds Customer Portal.
2. Run installer as administrator.
3. Follow upgrade prompts.
4. Restart service/application.

🔧 Temporary Workarounds

Disable Debug Logging (Windows)

Turn off non-default troubleshooting settings that enable sensitive data logging.

Open Kiwi CatTools > Settings > Logging > Disable 'Enable Debug Logging'

🧯 If You Can't Patch

  • Disable all non-default troubleshooting/logging settings immediately.
  • Restrict access to Kiwi CatTools installation directory and log files using file system permissions.

🔍 How to Verify

Check if Vulnerable:

Check the Kiwi CatTools settings for enabled debug/troubleshooting options and check whether the installed version is below 4.4.1.

Check Version:

In Kiwi CatTools: Help > About, or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Kiwi CatTools\Version

Verify Fix Applied:

Confirm version is 4.4.1 or higher in Help > About, and verify debug logging is disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to log files
  • Sensitive data patterns in debug logs

Network Indicators:

  • Unusual file access patterns to Kiwi CatTools directories

SIEM Query:

source="Kiwi CatTools" AND (event="Debug Logging Enabled" OR keywords="password","credential","key" in log_content)
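
The checks from "If You Can't Patch", "How to Verify" and "Log Indicators" combined into one host audit script. This is an added example, not SolarWinds tooling or part of the original advisory; `$LogDir` is a placeholder, and the `*.log`/`*.txt` filter and the reading of `Version` as a registry value under the key are assumptions.

```powershell
# Added example: audit one host for the conditions this page describes.
param(
    # Registry location from the page; "Version" is assumed to be a value under this key.
    [string]$RegKey = 'HKLM:\SOFTWARE\SolarWinds\Kiwi CatTools',
    # Placeholder (assumption): point this at the real CatTools install or log directory.
    [string]$LogDir = 'C:\PLACEHOLDER\KiwiCatTools',
    [version]$FixedVersion = '4.4.1'
)

function Test-FixedVersion {
    param([string]$Installed, [version]$Fixed)
    # Compare as [version], not as strings, so 4.10.0 ranks above 4.4.1.
    $parsed = $null
    if (-not [version]::TryParse($Installed, [ref]$parsed)) { return $null }
    return $parsed -ge $Fixed
}

$installed = (Get-ItemProperty -Path $RegKey -Name Version -ErrorAction SilentlyContinue).Version
$patched = if ($installed) { Test-FixedVersion -Installed $installed -Fixed $FixedVersion }

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users (locale-independent).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$hits = @(); $broadAcl = @()
if (Test-Path -LiteralPath $LogDir) {
    # Keywords are the ones in the page's SIEM query; *.log/*.txt is an assumed file filter.
    # Keep only path and line number so secrets are not copied into the audit output.
    $hits = Get-ChildItem -Path $LogDir -Recurse -File -Include '*.log', '*.txt' -ErrorAction SilentlyContinue |
        Select-String -Pattern 'password|credential|key' |
        Select-Object Path, LineNumber
    # Allow entries for broad groups mean any local user may be able to read the logs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $broadAcl = (Get-Acl -LiteralPath $LogDir).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broadSids }
}

[pscustomobject]@{
    InstalledVersion = $installed
    AtOrAboveFixed   = $patched          # $null means the version was missing or unparseable
    KeywordHitCount  = @($hits).Count
    BroadAclEntries  = @($broadAcl).Count
}
$hits | Group-Object Path | Select-Object Count, Name   # candidate files to review by hand
```

The script cannot see whether 'Enable Debug Logging' is on; confirm that in Settings > Logging as described above.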
