Security News > 2023 > October > Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges.
SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments.
Through Trend Micro's Zero Day Initiative, researchers reported eight flaws in the SolarWinds solution on June 22, three of them with critical severity.
The rest of the security issues that SolarWinds addressed in its Access Right Manager are high-severity and attackers could exploit them to increase permissions or execute arbitrary code on the host after authentication.
ASUS routers vulnerable to critical remote code execution flaws.
Ransomware gangs now exploiting critical TeamCity RCE flaw.
News URL
Related news
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)