CVE-2023-35186

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm	Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*

History

25 Oct 2023, 19:39

Type	Values Removed	Values Added
References	~~(MISC) https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm -~~	(MISC) https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm - Release Notes, Vendor Advisory
References	~~(MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186 -~~	(MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186 - Vendor Advisory
CPE		cpe:2.3:a:solarwinds:access_rights_manager::::::::
First Time		Solarwinds Solarwinds access Rights Manager
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 8.8

19 Oct 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-19 15:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-35186

Mitre link : CVE-2023-35186

CVE.ORG link : CVE-2023-35186

JSON object : View

Products Affected

solarwinds

access_rights_manager

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-35186", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@solarwinds.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2023-10-19T15:15:09.410", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm", "tags": ["Release Notes", "Vendor Advisory"], "source": "psirt@solarwinds.com"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186", "tags": ["Vendor Advisory"], "source": "psirt@solarwinds.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@solarwinds.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution."}, {"lang": "es", "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2023-10-25T19:39:42.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B", "versionEndIncluding": "2023.2.0.73"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@solarwinds.com"}