SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits
SolarWinds has recently addressed 8 critical vulnerabilities in its Access Rights Manager (ARM) software. This SolarWinds patch was released before any of the flaws were exploited in the wild. In this article, we focus on what the patch covers and what the consequences could have been had the vulnerabilities been exploited.
SolarWinds Patch: Critical ARM Flaws Uncovered
SolarWinds ARM is software that organizations use to generate customized Active Directory (AD) and Azure AD reports. The data in these reports shows which user has access to which resources and when that data was accessed, which is exactly the information an attacker would want from a compromised environment.
SolarWinds has recently addressed a set of critical security vulnerabilities that could have turned the software into a high-value target for threat actors. News reports state that, if exploited, these vulnerabilities would have allowed unauthorized access to sensitive information or the execution of arbitrary code.
The 8 vulnerabilities covered by the SolarWinds patch carry a Common Vulnerability Scoring System (CVSS) score of 9.6 out of 10. Details of each of these SolarWinds security flaws are listed below:
| CVE-ID | Vulnerability Title |
| --- | --- |
| CVE-2024-23472 | SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability |
| CVE-2024-28074 | SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability |
| CVE-2024-23469 | SolarWinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability |
| CVE-2024-23475 | SolarWinds ARM Traversal and Information Disclosure Vulnerability |
| CVE-2024-23467 | SolarWinds ARM Traversal Remote Code Execution Vulnerability |
| CVE-2024-23466 | SolarWinds ARM Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-23470 | SolarWinds ARM UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability |
| CVE-2024-23471 | SolarWinds ARM CreateFile Directory Traversal Remote Code Execution Vulnerability |
Aftermath Of A Successful Exploit
Media reports state that these SolarWinds security flaws have not been exploited, but the aftermath, had they been, could have been devastating. This is not the first round of ARM fixes this year: in February, the company patched five other RCE vulnerabilities in the Access Rights Manager (ARM) solution, three of which were rated critical because they allowed unauthenticated exploitation. In addition, the company's own internal systems were breached by APT29, a Russian cybercrime group, in 2020.
SolarWinds, at that time, worked with Fortune 500 companies such as Google, Apple, and Amazon alongside government organizations that included:
- The Pentagon.
- Postal Service.
- The U.S. Military.
- Department of Justice.
- The State Department.
- NASA, NSA, and NOAA.
- The Office of the President of the United States.
The vulnerabilities covered by the most recent patch could have allowed attackers not only to read but also to delete files on compromised systems. Furthermore, they could have allowed attackers to elevate their privileges and use that access to execute arbitrary code.
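Several of the CVEs in the table above are directory traversal flaws that end in arbitrary file deletion or information disclosure. The following is an added illustration, not SolarWinds code and not derived from the actual ARM vulnerabilities: a constructed file-deletion handler that trusts a user-supplied file name beside a hardened version that confines every resolved path to an allowed base directory. The directory layout, file names and function names are all assumptions made for the example.

```python
"""Added example (not SolarWinds code): a report-deletion handler vulnerable
to directory traversal, beside a hardened version that confines every path
to an allowed base directory. Paths and names below are constructed."""
from pathlib import Path
import tempfile


def delete_report_unsafe(base_dir: str, name: str) -> Path:
    """Vulnerable pattern: the caller-supplied name is joined straight onto
    base_dir with no validation, so a name such as '../secret.txt' escapes
    the intended directory and deletes whatever the process can reach."""
    target = Path(base_dir) / name
    target.unlink()
    return target


def resolve_within(base_dir: str, name: str) -> Path:
    """Hardened: resolve both the base and the candidate path (following
    symlinks) and require the candidate to sit underneath the base.
    Rejects '..' segments, absolute names and symlink escapes alike."""
    base = Path(base_dir).resolve()
    target = (base / name).resolve()  # an absolute `name` replaces base here
    try:
        target.relative_to(base)       # raises ValueError when outside base
    except ValueError:
        raise ValueError(f"path escapes report directory: {name!r}") from None
    return target


def delete_report_safe(base_dir: str, name: str) -> Path:
    """Same operation as the unsafe handler, but only after containment."""
    target = resolve_within(base_dir, name)
    target.unlink()
    return target


def demo() -> dict:
    """Constructed scenario: a reports directory plus a sensitive file one
    level above it. Returns what each handler actually did."""
    root = Path(tempfile.mkdtemp())
    reports = root / "reports"
    reports.mkdir()
    (reports / "audit.csv").write_text("constructed report")
    secret = root / "secret.txt"
    secret.write_text("constructed sensitive data")
    results = {}

    # The unsafe handler deletes a file outside the reports directory.
    delete_report_unsafe(str(reports), "../secret.txt")
    results["unsafe_deleted_outside"] = not secret.exists()

    # The safe handler refuses the traversal attempt ...
    try:
        delete_report_safe(str(reports), "../../etc/passwd")
        results["safe_blocked"] = False
    except ValueError:
        results["safe_blocked"] = True

    # ... but still services a legitimate request inside the directory.
    delete_report_safe(str(reports), "audit.csv")
    results["safe_deleted_legit"] = not (reports / "audit.csv").exists()
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check resolves the target before comparing it with the base, so it also catches escapes through symlinks, which a simple string check for `..` would miss. The same pattern applies to any read, write or delete operation that takes a file name from a request.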
SolarWinds Patch Rolled Out
The SolarWinds patch came shortly after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another SolarWinds vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability added to the KEV is a high-severity path traversal flaw in SolarWinds Serv-U, tracked as CVE-2024-28995, with a CVSS score of 8.6. The most recent ARM vulnerabilities, which have not been exploited, were addressed in ARM version 2024.3, released on July 17, 2024.
Conclusion
By patching the critical ARM vulnerabilities before they were exploited, SolarWinds has averted a potential cybersecurity disaster. With a CVSS score of 9.6, these flaws could have led to unauthorized data access and malicious code execution. The timely fix in version 2024.3 underscores the importance of prompt patching and robust cybersecurity practices in an ever-evolving threat landscape.
The sources for this piece include articles in The Hacker News and Security Week.
