CVE-2024-23470
CVSS 3.1 Score 9.6 of 10 (high)
Details
Published Jul 17, 2024
Updated: Jul 18, 2024
CWE ID 287
Summary
CVE-2024-23470 is a pre-authentication remote code execution vulnerability affecting SolarWinds Access Rights Manager. This issue permits unauthenticated users to execute commands and run executables on the affected system, posing a significant risk to organizational security. An attacker can exploit this vulnerability without requiring valid credentials, making it particularly dangerous. SolarWinds has released a patch to address this issue; it is recommended that users install the update promptly to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Solarwinds Access Rights Manager
Affected Vendors
- SolarWinds Inc.