Synopsis: Multiple RCE (Remote Code Execution) vulnerabilities (CVE-2024-23476, CVE-2024-23479, CVE-2023-40057) have been discovered in the SolarWinds Access Rights Manager solution. Threat actors could chain multiple vulnerabilities together to execute commands on the system without authentication. There has been no mention of these vulnerabilities being exploited in the wild, but SolarWinds released a patch on February 15th for these and other vulnerabilities in Access Rights Manager 2023.2.3.
Action: Update to version 2023.2.3 as soon as possible.
Associated Articles
BleepingComputer
SolarWinds Security Advisories
Release Notes for 2023.2.3
