Privilege escalation in SolarWinds Orion Platform
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-23840 CVE-2023-23845 |
| CWE-ID | CWE-749 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Orion Platform Server applications / Remote management servers, RDP, SSH |
| Vendor | SolarWinds |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Exposed dangerous method or function
EUVDB-ID: #VU80896
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23840
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists within the UpdateAction method in the SolarWinds Web Console. A remote authenticated administrator can execute arbitrary commands with NETWORK SERVICE privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2023.3
External linkshttp://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840
http://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm
http://www.zerodayinitiative.com/advisories/ZDI-23-1444/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Exposed dangerous method or function
EUVDB-ID: #VU80897
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23845
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists within the UpdateActionsProperties method in the SolarWinds Web Console. A remote authenticated administrator can execute arbitrary commands with NETWORK SERVICE privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2023.3
External linkshttp://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840
http://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm
http://www.zerodayinitiative.com/advisories/ZDI-23-1443/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
