Home Security SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

by


Sep 17, 2024Ravie LakshmananSoftware Security / Data Protection

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.

The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.

“SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability,” the company said in an advisory. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.”

Security researcher Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI) has been credited with discovering and reporting the flaw on May 24, 2024.

The ZDI, which has assigned the shortcoming a CVSS score of 9.9, said it exists within a class called JsonSerializationBinder and stems from a lack of proper validation of user-supplied data, thus exposing ARM devices to a deserialization vulnerability that could then be abused to execute arbitrary code.

Cybersecurity

“Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed,” the ZDI said.

Also addressed by SolarWinds is a medium-severity flaw in ARM (CVE-2024-28990, CVSS score: 6.3) that exposed a hard-coded credential which, if successfully exploited, could allow unauthorized access to the RabbitMQ management console.

Both the issues have been patched in ARM version 2024.3.1. Although there is currently no evidence of active exploitation of the vulnerabilities, users are recommended to update to the latest version as soon as possible to safeguard against potential threats.

The development comes as D-Link has resolved three critical vulnerabilities affecting DIR-X4860, DIR-X5460, and COVR-X1870 routers (CVE-2024-45694, CVE-2024-45695, and CVE-2024-45697, CVSS scores: 9.8) that could enable remote execution of arbitrary code and system commands.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex