SolarWinds Patches Critical ARM Flaw

Major Security Flaws Addressed in SolarWinds ARM Software

SolarWinds has recently patched two security vulnerabilities found in its Access Rights Manager (ARM) software. One of these flaws was particularly concerning, as it could potentially allow remote code execution.

The most serious issue, tracked as CVE-2024-28991, received a critical-severity score of 9.0 out of 10 on the CVSS (Common Vulnerability Scoring System). The flaw stems from deserialization of untrusted data, which could be exploited to run malicious code.

Details of the Remote Code Execution Flaw

In a security notice, SolarWinds explained that "Access Rights Manager (ARM) contained a vulnerability that could be exploited for remote code execution." The flaw would enable an authenticated user to take advantage of the system and execute harmful code remotely.

This issue was first reported on May 24, 2024, by Piotr Bazydlo, a security researcher from Trend Micro Zero Day Initiative (ZDI). The flaw resides in the JsonSerializationBinder class and arises from improper validation of user-supplied data, leading to a deserialization vulnerability. Once exploited, it can allow attackers to execute arbitrary code on the system.

While authentication is needed to exploit this bug, ZDI noted that the authentication process itself could be bypassed, raising additional concerns about the vulnerability.
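The flaw class above turns on what a serialization binder does with a type name that arrives in attacker-controlled JSON. The following is an added example, not SolarWinds code and not drawn from the advisory, showing the defensive shape such a binder should have with Newtonsoft.Json: a fail-closed allowlist that refuses to resolve any type it was not explicitly told about. The `AuditRequest` type, the `AllowlistBinder` and `SafeDeserializer` names, and both JSON inputs are constructed for illustration.

```csharp
// Added example (not SolarWinds code): an allowlist-based ISerializationBinder
// for Newtonsoft.Json. A type name that is not explicitly approved is rejected
// before any instance is created, which is the control a binder exists to enforce.
using System;
using System.Collections.Generic;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Hypothetical application DTO standing in for whatever a real service deserializes.
public sealed class AuditRequest
{
    public string User { get; set; }
    public string Resource { get; set; }
}

public sealed class AllowlistBinder : ISerializationBinder
{
    // Only these concrete types may be instantiated from a "$type" discriminator.
    private static readonly Dictionary<string, Type> Allowed = new Dictionary<string, Type>
    {
        [typeof(AuditRequest).FullName] = typeof(AuditRequest),
    };

    public Type BindToType(string assemblyName, string typeName)
    {
        // Deny by default: anything outside the allowlist fails closed instead of
        // being resolved to an arbitrary runtime type via Type.GetType.
        if (Allowed.TryGetValue(typeName, out var t))
            return t;
        throw new JsonSerializationException(
            $"Type '{typeName}' (assembly '{assemblyName}') is not permitted for deserialization.");
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        // Emit the bare type name so serialized output matches the allowlist keys.
        assemblyName = null;
        typeName = serializedType.FullName;
    }
}

public static class SafeDeserializer
{
    private static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        // Type discriminators are honoured, but every one of them must pass the binder.
        TypeNameHandling = TypeNameHandling.Objects,
        SerializationBinder = new AllowlistBinder(),
    };

    public static AuditRequest Parse(string json) =>
        JsonConvert.DeserializeObject<AuditRequest>(json, Settings);

    public static void Main()
    {
        // Constructed input naming the expected type: accepted.
        const string good =
            "{\"$type\":\"AuditRequest\",\"User\":\"alice\",\"Resource\":\"/share/finance\"}";
        Console.WriteLine(Parse(good).User);

        // Constructed input naming a type outside the allowlist: the binder
        // throws before any object of that type is constructed.
        const string unexpected =
            "{\"$type\":\"Example.NotAllowed, ExampleAssembly\",\"User\":\"bob\"}";
        try
        {
            Parse(unexpected);
        }
        catch (JsonSerializationException e)
        {
            Console.WriteLine("Rejected: " + e.Message);
        }
    }
}
```

The design point is the default in `BindToType`: the binder resolves only names it already knows and throws for everything else, so the set of types reachable from user input is fixed at compile time regardless of what `TypeNameHandling` is set to. A binder that forwards unknown names to `Type.GetType` or a broad lookup leaves the attack surface the advisory describes, which is why an allowlist, not a denylist, is the check to look for when reviewing deserialization code.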

Medium-Level Vulnerability Also Patched

Alongside the critical flaw, SolarWinds also patched a medium-severity vulnerability, identified as CVE-2024-28990 with a CVSS score of 6.3. This issue involved a hard-coded credential that could give unauthorized access to the RabbitMQ management console.

Both vulnerabilities have been addressed in the latest ARM version 2024.3.1. Users are strongly urged to update their software immediately to prevent possible attacks, even though there is no evidence of these vulnerabilities being actively exploited.

Other Security Fixes by D-Link

In addition to SolarWinds, D-Link also released patches for three critical vulnerabilities affecting some of its routers, including the DIR-X4860, DIR-X5460, and COVR-X1870 models. These flaws, tracked under CVE-2024-45694, CVE-2024-45695, and CVE-2024-45697, were given CVSS scores of 9.8 and could allow remote code and system command execution.

By addressing these issues, both SolarWinds and D-Link are taking steps to enhance the security of their products, reducing the risk of potential cyberattacks. If you use any of these devices or software, make sure to update to the latest versions as soon as possible.