SolarWinds ARM: Unauthorized access and malicious code attacks possible
The SolarWinds developers have closed two security gaps in Access Rights Manager. One gap is considered critical.
Admins who implement access authorizations in companies with SolarWinds Access Rights Manager (ARM) should install the latest version quickly for security reasons. If this is not done, malicious code can compromise systems.
Two security vulnerabilities
In a warning message, the developers state that they have closed two security vulnerabilities (CVE-2024-28990, "medium"; CVE-2024-28991, "critical"). To exploit the critical vulnerability, an attacker must already be authenticated. If this is the case, they can execute their own code and thus gain full control over PCs. The developers are not currently explaining how such an attack could take place. Unfortunately, there is also no information on how admins can detect systems that have already been attacked.
The second vulnerability can be traced back to hard-coded credentials. Through these, attackers can gain access to the management console of the RabbitMQ message broker software. It is currently not known what specific effects this could have.
Security update
To protect systems, admins must install ARM version 2024.3.1, which is secured against the attacks described. According to the developers, they have not only closed security gaps, but also fixed several bugs. Among other things, there should no longer be any warning messages when scanning Active Directory servers. However, there are still problems and Exchange scans can fail.
SolarWinds Web Help Desk last made the headlines several times in August of this year. Among other things, security researchers have observed attacks on the IT ticketing software.
(des)