{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-080.pdf"
    },
    "title": "Multiple Vulnerabilities in SolarWinds Access Rights Manager (ARM)",
    "serial_number": "2023-080",
    "publish_date": "23-10-2023 16:16:06",
    "description": "On October 18, 2023, SolarWinds announced patches for eight vulnerabilities in Access Rights Manager (ARM) including eight high-severity flaws. The most severe vulnerabilities are tracked as CVE-2023-35182 and CVE-2023-35184 for Remote Code Execution Vulnerability, as well as CVE-2023-35185 and CVE-2023-35187 for Directory Traversal Remote Code Vulnerability, with a CVSS score of 8.8 out of 10.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2023-080",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in SolarWinds Access Rights Manager (ARM)'\nnumber: '2023-080'\nversion: '1.0'\noriginal_date: 'October 18, 2023'\ndate: 'October 23, 2023'\n---\n\n_History:_\n\n* _23/10/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 18, 2023, SolarWinds announced patches for eight vulnerabilities in Access Rights Manager (ARM) including eight high-severity flaws. The most severe vulnerabilities are tracked as **CVE-2023-35182** and **CVE-2023-35184** for Remote Code Execution Vulnerability, as well as **CVE-2023-35185** and **CVE-2023-35187** for Directory Traversal Remote Code Vulnerability, with a CVSS score of 8.8 out of 10. [1]\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nVarious vulnerabilities were addressed in this patch release, including:\n\n- **CVE-2023-35180**: This vulnerability (CVSS score of 8.0) allows authenticated users to abuse the SolarWinds ARM API in order to remotely execute code. [1]\n- **CVE-2023-35181**: This vulnerability (CVSS score of 7.8) allows users to abuse incorrect folder permissions, resulting in privilege escalation. [1]\n- **CVE-2023-35182**: This vulnerability (CVSS score of 8.8) can be abused by unauthenticated users on SolarWinds ARM Server, resulting in remote code execution. [1]\n- **CVE-2023-35183**: This vulnerability (CVSS score of 7.8) allows authenticated users to abuse local resources, resulting in privilege escalation. [1]\n- **CVE-2023-35184**: This vulnerability (CVSS score of 8.8) allows an unauthenticated user to abuse a SolarWinds service, resulting in remote code execution. [1]\n- **CVE-2023-35185**: This vulnerability (CVSS score of 8.8) allows remote attackers to execute arbitrary code on SolarWinds ARM. The specific flaw exists within the `OpenFile` method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. [1,2]\n- **CVE-2023-35186**: This vulnerability (CVSS score of 8.0) allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. [1]\n- **CVE-2023-35187**: This vulnerability (CVSS score of 8.8) allows remote attackers to execute arbitrary code on SolarWinds ARM. The specific flaw exists within the `OpenClientUpdateFile` method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. [1,3]\n\n# Affected Products\n\nAccess Rights Manager 2023.2.1 is a service release providing bug and security fixes for release 2023.2, although it doesn't explicitly list the vulnerable versions. [1]\n\n# Recommendations\n\nCERT-EU recommends updating to the latest version as soon as possible.\n\n# References\n\n[1] <https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm>\n\n[2] <https://www.zerodayinitiative.com/advisories/ZDI-23-1565/>\n\n[3] <https://www.zerodayinitiative.com/advisories/ZDI-23-1567/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>23/10/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 18, 2023, SolarWinds announced patches for eight vulnerabilities in Access Rights Manager (ARM) including eight high-severity flaws. The most severe vulnerabilities are tracked as <strong>CVE-2023-35182</strong> and <strong>CVE-2023-35184</strong> for Remote Code Execution Vulnerability, as well as <strong>CVE-2023-35185</strong> and <strong>CVE-2023-35187</strong> for Directory Traversal Remote Code Vulnerability, with a CVSS score of 8.8 out of 10. [1]</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>Various vulnerabilities were addressed in this patch release, including:</p><ul><li><strong>CVE-2023-35180</strong>: This vulnerability (CVSS score of 8.0) allows authenticated users to abuse the SolarWinds ARM API in order to remotely execute code. [1]</li><li><strong>CVE-2023-35181</strong>: This vulnerability (CVSS score of 7.8) allows users to abuse incorrect folder permissions, resulting in privilege escalation. [1]</li><li><strong>CVE-2023-35182</strong>: This vulnerability (CVSS score of 8.8) can be abused by unauthenticated users on SolarWinds ARM Server, resulting in remote code execution. [1]</li><li><strong>CVE-2023-35183</strong>: This vulnerability (CVSS score of 7.8) allows authenticated users to abuse local resources, resulting in privilege escalation. [1]</li><li><strong>CVE-2023-35184</strong>: This vulnerability (CVSS score of 8.8) allows an unauthenticated user to abuse a SolarWinds service, resulting in remote code execution. [1]</li><li><strong>CVE-2023-35185</strong>: This vulnerability (CVSS score of 8.8) allows remote attackers to execute arbitrary code on SolarWinds ARM. The specific flaw exists within the <code>OpenFile</code> method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. [1,2]</li><li><strong>CVE-2023-35186</strong>: This vulnerability (CVSS score of 8.0) allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. [1]</li><li><strong>CVE-2023-35187</strong>: This vulnerability (CVSS score of 8.8) allows remote attackers to execute arbitrary code on SolarWinds ARM. The specific flaw exists within the <code>OpenClientUpdateFile</code> method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. [1,3]</li></ul><h2 id=\"affected-products\">Affected Products</h2><p>Access Rights Manager 2023.2.1 is a service release providing bug and security fixes for release 2023.2, although it doesn't explicitly list the vulnerable versions. [1]</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to the latest version as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm\">https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.zerodayinitiative.com/advisories/ZDI-23-1565/\">https://www.zerodayinitiative.com/advisories/ZDI-23-1565/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.zerodayinitiative.com/advisories/ZDI-23-1567/\">https://www.zerodayinitiative.com/advisories/ZDI-23-1567/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}