
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has issued solutions to address two security weaknesses in its Access Rights Manager (ARM) software, including a serious vulnerability that may result in remote code execution.

The vulnerability, tracked as CVE-2024-28991, is scored 9.0 out of a maximum of 10.0 on the CVSS rating system. It has been characterized as an instance of deserialization of untrusted data.

"SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability," the firm claimed in an alert. "If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution."

Security researcher Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI) has been credited with identifying and disclosing the bug on May 24, 2024.

The ZDI, which has assigned the shortcoming a CVSS score of 9.9, said it exists within a class called JsonSerializationBinder and stems from a lack of proper validation of user-supplied data, thus exposing ARM devices to a deserialization vulnerability that could then be abused to execute arbitrary code.
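The pattern ZDI describes, a serialization binder that accepts whatever type name the incoming data carries, is shown below beside the allow-list form that prevents it. This is an added illustration, not SolarWinds ARM code and not the actual JsonSerializationBinder class; the StatusMessage type, the binder names and the sample payloads are hypothetical, and the only library API used is Json.NET's ISerializationBinder with TypeNameHandling.

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Hypothetical application message type (not a SolarWinds ARM class).
public sealed class StatusMessage
{
    public string Text { get; set; }
}

// Risky pattern: the binder trusts the type name carried in the JSON "$type"
// field and returns whatever type the runtime can resolve. Any type the
// sender can name becomes instantiable, which is what "deserialization of
// untrusted data" means in practice.
public sealed class PermissiveBinder : ISerializationBinder
{
    public Type BindToType(string assemblyName, string typeName)
    {
        string qualified = assemblyName == null ? typeName : $"{typeName}, {assemblyName}";
        return Type.GetType(qualified, throwOnError: true);
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = serializedType.Assembly.FullName;
        typeName = serializedType.FullName;
    }
}

// Hardened pattern: a fixed allow-list of concrete types the application
// expects. Anything else is rejected before an instance is ever created.
public sealed class AllowListBinder : ISerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            [typeof(StatusMessage).FullName] = typeof(StatusMessage),
        };

    public Type BindToType(string assemblyName, string typeName)
    {
        if (Allowed.TryGetValue(typeName, out Type t))
            return t;
        throw new JsonSerializationException($"Type not permitted for deserialization: {typeName}");
    }

    public void BindToName(Type serializedType, out string assemblyName, out string typeName)
    {
        assemblyName = null;               // lookup is by full type name only
        typeName = serializedType.FullName;
    }
}

public static class BinderDemo
{
    // Returns true when the payload deserialized, false when the binder rejected it.
    public static bool TryDeserialize(string json, ISerializationBinder binder, out object result)
    {
        var settings = new JsonSerializerSettings
        {
            TypeNameHandling = TypeNameHandling.Objects,   // honour the "$type" field
            SerializationBinder = binder,
        };
        try
        {
            result = JsonConvert.DeserializeObject<object>(json, settings);
            return true;
        }
        catch (JsonSerializationException)
        {
            result = null;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed inputs: one names the expected type, the other names a
        // framework type the application never intended to deserialize.
        string expected   = "{\"$type\":\"StatusMessage\",\"Text\":\"ok\"}";
        string unexpected = "{\"$type\":\"System.Text.StringBuilder, mscorlib\"}";

        Console.WriteLine("allow-list, expected type:   " + TryDeserialize(expected,   new AllowListBinder(),  out _));
        Console.WriteLine("allow-list, unexpected type: " + TryDeserialize(unexpected, new AllowListBinder(),  out _));
        Console.WriteLine("permissive, unexpected type: " + TryDeserialize(unexpected, new PermissiveBinder(), out _));
    }
}
```

The allow-list binder is the mitigation: with it, a payload naming any type outside the application's own contract fails in BindToType before the deserializer allocates anything, so the question of what a given type does on construction never arises. A review check for any .NET service that enables TypeNameHandling is whether its binder can return a type it did not explicitly list.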

"Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed," the ZDI warned.

Also patched by SolarWinds is a medium-severity hole in ARM (CVE-2024-28990, CVSS score: 6.3) that revealed a hard-coded credential which, if properly exploited, might enable unwanted access to the RabbitMQ management console.

Both flaws have been fixed in ARM version 2024.3.1. Although there is presently no indication of active exploitation of the vulnerabilities, users are encouraged to upgrade to the newest version as soon as possible to defend against potential threats.

The news comes as D-Link has fixed three major vulnerabilities affecting DIR-X4860, DIR-X5460, and COVR-X1870 routers (CVE-2024-45694, CVE-2024-45695, and CVE-2024-45697, CVSS scores: 9.8) that might allow remote execution of arbitrary code and system commands.
