CVE-2023-35181
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.
SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios abusar de permisos de carpeta incorrectos, lo que resulta en una escalada de privilegios.
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Access Rights Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-06-14 CVE Reserved
- 2023-10-19 CVE Published
- 2023-10-26 EPSS Updated
- 2024-09-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
- CAPEC-233: Privilege Escalation
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181 | 2023-10-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Solarwinds Search vendor "Solarwinds" | Access Rights Manager Search vendor "Solarwinds" for product "Access Rights Manager" | <= 2023.2.0.73 Search vendor "Solarwinds" for product "Access Rights Manager" and version " <= 2023.2.0.73" | - |
Affected
|