SolarWinds Platform Exposed Dangerous Method Vulnerability
(CVE-2023-23840)
Summary
The SolarWinds Platform was found to be susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Affected Products
SolarWinds Platform 2023.3 and prior versions
Fixed Software Release
Acknowledgments
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
6.8 Medium
Advisory ID
First Published
07/18/2023
Last Updated
07/18/2023