CVE-2024-23470

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Jul 17, 2024

Updated: Jul 18, 2024

CWE ID 287

Summary

CVE-2024-23470 is a pre-authentication remote code execution vulnerability affecting SolarWinds Access Rights Manager. This issue permits unauthenticated users to execute commands and run executables on the affected system, posing a significant risk to organizational security. An attacker can exploit this vulnerability without requiring valid credentials, making it particularly dangerous. SolarWinds has released a patch to address this issue; it is recommended that users install the update promptly to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Solarwinds Access Rights Manager

Affected Vendors

SolarWinds Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xEmrH9
https://www.cve.org/CVERecord?id=CVE-2024-23470
https://nvd.nist.gov/vuln/detail/CVE-2024-23470

Back to Vulnerability Database