Security News > 2023 > October > Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges.
SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments.
Through Trend Micro's Zero Day Initiative, researchers reported eight flaws in the SolarWinds solution on June 22, three of them with critical severity.
The rest of the security issues that SolarWinds addressed in its Access Right Manager are high-severity and attackers could exploit them to increase permissions or execute arbitrary code on the host after authentication.
ASUS routers vulnerable to critical remote code execution flaws.
Ransomware gangs now exploiting critical TeamCity RCE flaw.
News URL
Related news
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Critical hardcoded SolarWinds credential now exploited in the wild (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)