SolarWinds, a leading provider of IT management software, has recently disclosed critical vulnerabilities in its Access Rights Manager (ARM) platform.
The vulnerabilities, identified as CVE-2024-28990 and CVE-2024-28991, allow attackers to bypass authentication and execute remote code, posing significant security risks.
The company has released a service update, Access Rights Manager 2024.3.1, to address these issues.
Understanding the Vulnerabilities
CVE-ID | Vulnerability Title | Description | Severity |
CVE-2024-28990 | SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability | SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. | 6.3 Medium |
CVE-2024-28991 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. | 9.0 Critical |
Piotr Bazydlo of the Trend Micro Zero Day Initiative responsibly disclosed these vulnerabilities, highlighting the importance of collaboration between security researchers and companies to address and mitigate potential security threats.
Fixes and Updates
SolarWinds has proactively addressed these vulnerabilities by releasing the Access Rights Manager 2024.3.1 update.
This service release not only patches the identified vulnerabilities but also includes several bug fixes to improve the platform’s overall functionality and security.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
Below is a summary of the key fixes included in this update:
Case Number(s) | Description |
01443343, 01572081 | The Accounts screen in the Access Rights Manager application now displays the correct account information when you add or delete multiple accounts from a SharePoint group. |
N/A | An error message no longer displays after you perform an Active Directory (AD) or File Server (FS) scan. |
01719845 | After you restart the ARM Service, the GrantMA workflows in the Access Rights Manager Workflows tab now display in the tab window. |
01721548, 01736092 | You can now access the Connection tab in the Settings menu. |
01721505, 01721609, 01726066, 01727184, 01727963 | ARM server host names that include numbers no longer break the connection between the ARM server and the collector. |
01331492, 01677939 | An exception message no longer displays after you update the ARM server to version 2024.3. |
Recommendations and Known Issues
For organizations using SolarWinds ARM, applying the 2024.3.1 update immediately is crucial to mitigate the risks associated with these vulnerabilities.
SolarWinds has also guided the resolution of known issues that may arise during the update process. One such problem involves a configwizard error when the ARM server fails to restart automatically after the update. The recommended workaround is to restart the ARM service manually.
If the error persists, users should delete the pnServer.messaging.config.xml file and restart the service again.SolarWinds continues to emphasize its commitment to security and transparency in addressing vulnerabilities.
The company acknowledges the valuable contributions of security researchers like Piotr Bazydlo and organizations such as Trend Micro Zero Day Initiative in identifying and mitigating potential threats.
Organizations must remain vigilant and proactive in securing their IT environments as cyber threats evolve. Regular updates, comprehensive security assessments, and collaboration with trusted security partners are essential to a robust cybersecurity strategy.
Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar