Security Advisory: SolarWinds Access Rights Manager Faces Critical Vulnerabilities


The French Computer Emergency Response Team (CERT-FR) has issued a security advisory concerning multiple vulnerabilities in SolarWinds Access Rights Manager (ARM). These vulnerabilities, tracked under the CVE-2023 identifiers listed under Details, pose a significant risk to systems running SolarWinds ARM versions prior to 2023.2.1.

Summary:

The vulnerabilities expose systems to:

  1. Arbitrary remote code execution
  2. Security policy bypass
  3. Privilege escalation

Affected Systems:

SolarWinds ARM versions earlier than 2023.2.1

Solution:

Refer to the vendor's security bulletin to obtain the necessary patches.

Details:

The identified CVEs include:

  • CVE-2023-35186
  • CVE-2023-35183
  • CVE-2023-35185
  • CVE-2023-35187
  • CVE-2023-35180
  • CVE-2023-35184
  • CVE-2023-35181
  • CVE-2023-35182

CERT-FR stresses the critical nature of these vulnerabilities and urges immediate action to mitigate potential risks. Administrators are advised to apply the provided patches promptly and to monitor their systems closely for any signs of exploitation.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0879/

