- 287/2024
- High
SolarWinds has released security updates to address multiple vulnerabilities affecting several SolarWinds products.
The addressed vulnerabilities could allow the attacker to gain elevated privilege, obtain sensitive information, or perform cross-site scripting attacks on the affected system.
Sample of the addressed vulnerabilities:
1. SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability (CVE-2024-45710):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (CVE-2024-45711):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Affected Products
- SolarWinds Platform 2024.2.1 and all previous versions.
- Serv-U 15.4.2 and previous versions.
- Serv-U 15.4.2.3 and earlier versions.
Vulnerabilities
- CVE-2024-45715
- CVE-2024-45710
- CVE-2024-45711
- CVE-2024-45714
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.