SolarWinds Platform Exposed Dangerous Method Vulnerability

(CVE-2023-23845)

Summary

The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

Affected Products

SolarWinds Platform 2023.3 and prior versions

Fixed Software Release

SolarWinds Platform 2023.3.1

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

6.8 Medium

Advisory ID

CVE-2023-23845

First Published

07/18/2023

Last Updated

07/18/2023

Fixed Version

SolarWinds Platform 2023.3.1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H