CVE-2024-0692

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692

Configurations

No configuration.

History

01 Mar 2024, 14:04

Type	Values Removed	Values Added
Summary		(es) SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecución remota de código. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecución remota de código.

01 Mar 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-01 09:15

Updated : 2024-03-01 14:04

NVD link : CVE-2024-0692

Mitre link : CVE-2024-0692

CVE.ORG link : CVE-2024-0692

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

8.8 /10