CVE-2024-23478
published 2024-02-15

Priority: P2 (63)
CVSS 3.1: 8.0 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 81.59% (99.6th percentile)
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.

Affected (2 ranges)

Vendor     | Product               | Version range                 | Fixed in
solarwinds | access_rights_manager | < 2023.2.3                    | 2023.2.3
solarwinds | access_rights_manager | previous versions – 2023.2.2  |

Detection & IOCs (extracted from sources)

  • CVE-2024-23478 is a Deserialization of Untrusted Data vulnerability in SolarWinds Access Rights Manager (ARM) enabling Remote Code Execution by an authenticated user abusing a SolarWinds service.
  • CVE-2024-23478 is rated high severity (8.0) and requires authentication, distinguishing it from the three critical unauthenticated RCE siblings in the same patch batch. Detection should focus on authenticated sessions abusing ARM services via deserialization payloads.
  • No in-the-wild exploitation has been reported by SolarWinds at time of disclosure; however, the vulnerability was reported via Trend Micro ZDI, meaning technical details may become public.
  • CVE-2024-23478 requires an authenticated user to exploit, unlike the three critical siblings (CVE-2024-23476, CVE-2024-23479, CVE-2023-40057) which are unauthenticated. Prioritize patching unauthenticated vectors first if resources are constrained.
  • Four of the five flaws were reported by anonymous researchers; full technical write-ups or PoC details may be released by ZDI post-patch, which could lower the exploitation bar.