- 286/2023
- High
SolarWinds has released security updates to fix multiple vulnerabilities in SolarWinds products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code with system privileges and gain access to the affected systems.
Sample of the addressed vulnerabilities:
SolarWinds Network Configuration Manager Directory Traversal Vulnerability (CVE-2023-33226):
- CVSS: 8
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Affected Products
- Network Configuration Manager 2023.3.1 and previous versions.
- SolarWinds Platform 2023.3.1 and previous versions.
Vulnerabilities
- CVE-2023-33226
- CVE-2023-33227
- CVE-2023-33228
- CVE-2023-40061
- CVE-2023-40062
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.