The Information Highway

The Information Highway

Font size: +
2 minutes reading time (364 words)

SolarWinds ARM vulnerabilities

Threat update

SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE).



Technical Detail and Additional Info

What is the threat?

CVE-2024-28991 has a CVSS score of 9.0 and is a critical deserialization vulnerability in SolarWinds ARM's JsonSerializationBinder. It can be exploited by bypassing the authentication process. An attacker could supply malicious data, resulting in arbitrary code execution.

The second vulnerability, CVE-2024-28990, involves a hard-coded credential in the RabbitMQ management console. 

Why is it noteworthy?

CVE-2024-28991 is critical and has the potential for widespread impact. This vulnerability underscores the serious risks of improper data handling and deserialization flaws. The existence of a bypass authentication mechanism exacerbates the risk.

CVE-2024-28990, if exploited, could enable unauthorized access to essential system components. This can lead to unauthorized control, data breaches, and more.

What is the exposure or risk?

Organizations using SolarWinds ARM are at risk of significant security breaches if these vulnerabilities are not addressed. CVE-2024-28991 could be exploited to run arbitrary code, potentially allowing attackers to deploy malware, modify critical data, or escalate privileges. The CVE-2024-28990 vulnerability may grant unauthorized users access to sensitive areas of the system, exacerbating security risks. The ability to bypass authentication is particularly concerning for enterprises that rely on ARM for access control. Failure to patch could lead to severe business disruptions, data compromise, or even complete system failure. 

What are the recommendations?

 LBT Technology Group recommends taking the following measures to mitigate the impact of these vulnerabilities:

  • Update SolarWinds ARM to version 2024.3.1 or later to address both CVE-2024-28991 and CVE-2024-28990.
  • Implement multi-factor authentication (MFA) to add another layer of protection against authentication bypass.
  • Monitor in real-time to detect unauthorized access or unusual activity around critical systems and data.
  • Identify and eliminate any hard-coded credentials in systems to prevent unauthorized access.
  • Audit user permissions and access controls regularly to ensure only authorized individuals have access to critical systems.

References

For more in-depth information about the recommendations, please visit the following link:


If you have any questions, please contact LBT's Sales Engineer.


Windows Server 2025 previews security updates with...
Dell investigates data breach claims after hacker ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023