SolarWinds ARM Vulnerability
SolarWinds, a leading provider of IT management software, recently disclosed critical vulnerabilities in its Access Rights Manager (ARM) platform. Identified as CVE-2024-28990 and CVE-2024-28991, these vulnerabilities allow attackers to bypass authentication (CVE-2024-28990) and, once authenticated, execute code remotely (CVE-2024-28991), posing significant security risks.
The company has released a service update, Access Rights Manager 2024.3.1, to address these critical issues.
Understanding the Vulnerabilities
CVE-2024-28990 and CVE-2024-28991 have been described and rated as follows:
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2024-28990 | SolarWinds ARM Hardcoded Credentials Authentication Bypass Vulnerability | ARM was found to contain a hard-coded credential that allows authentication to be bypassed, giving access to the RabbitMQ console. | 6.3 Medium |
| CVE-2024-28991 | SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution | ARM is susceptible to a deserialization flaw that allows an authenticated user to execute code remotely on the service. | 9.0 Critical |
These vulnerabilities were responsibly disclosed by Piotr Bazydlo of the Trend Micro Zero Day Initiative, underscoring the importance of collaboration between security researchers and companies.
Fixes and Updates
SolarWinds responded swiftly by releasing Access Rights Manager 2024.3.1, addressing these vulnerabilities along with several bug fixes to enhance platform security and functionality.
Key fixes in the 2024.3.1 update include:
| Case Number(s) | Description |
|---|---|
| 01443343, 01572081 | The Accounts screen now correctly displays account information when adding or deleting multiple accounts from a SharePoint group. |
| 01719845 | GrantMA workflows now display in the Workflows tab after restarting the ARM Service. |
| 01721548, 01736092 | The Connection tab in the Settings menu is now accessible. |
| 01721505, 01721609 | ARM server hostnames containing numbers no longer break the connection between the ARM server and collector. |
| 01331492, 01677939 | Exception messages no longer display after updating the ARM server to version 2024.3. |
Recommendations
Organizations using SolarWinds ARM should apply the 2024.3.1 update immediately to mitigate the risks associated with these vulnerabilities.
SolarWinds has also provided guidance on resolving known issues during the update process. One known issue is a configwizard error that appears when the ARM server fails to restart automatically after the update. The suggested workaround is to manually restart the ARM service. If the issue persists, users should delete the pnServer.messaging.config.xml file and restart the service again.
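The two-step workaround described above can be scripted on the ARM server so that the second step only runs when the first one fails. The following PowerShell is an added example, not SolarWinds' own guidance or tooling: the Windows service name and the location of pnServer.messaging.config.xml are placeholders that must be checked on the server before running, and the script renames the file to a timestamped backup rather than deleting it outright (the page says to delete it) so that it can be restored if the cause turns out to be something else.

```powershell
# Added example (not SolarWinds' own code). Automates the advisory workaround:
#   1. restart the ARM service;
#   2. if it still does not come up, set aside pnServer.messaging.config.xml and restart again.
# ASSUMPTIONS: $ServiceName and $ConfigPath are placeholders; confirm both on the ARM server.
param(
    [string]$ServiceName    = 'ARM_SERVICE_NAME_PLACEHOLDER',            # assumption: real ARM service name
    [string]$ConfigPath     = 'C:\PATH\TO\pnServer.messaging.config.xml', # placeholder: real file location
    [int]   $TimeoutSeconds = 120
)

function Restart-ArmService {
    param([string]$Name, [int]$Timeout)
    try {
        Restart-Service -Name $Name -Force -ErrorAction Stop
    } catch {
        # Restart-Service throws when the service fails to start; fall through to the status check.
        Write-Warning "Restart-Service failed: $($_.Exception.Message)"
    }
    $svc = Get-Service -Name $Name -ErrorAction Stop
    try {
        # Block until the service reports Running, or give up after the timeout.
        $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running,
                           [TimeSpan]::FromSeconds($Timeout))
        return $true
    } catch [System.ServiceProcess.TimeoutException] {
        return $false
    }
}

# Step 1: manual restart.
if (Restart-ArmService -Name $ServiceName -Timeout $TimeoutSeconds) {
    Write-Host "ARM service '$ServiceName' is running after restart; no further action needed."
    exit 0
}

# Step 2: the problem persisted, so set aside the messaging config and restart again.
if (Test-Path -LiteralPath $ConfigPath) {
    $backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Move-Item -LiteralPath $ConfigPath -Destination $backup -Force
    Write-Host "Moved $ConfigPath to $backup (restore it if the restart does not help)."
} else {
    Write-Warning "Config file not found at $ConfigPath; check the placeholder path."
}

if (Restart-ArmService -Name $ServiceName -Timeout $TimeoutSeconds) {
    Write-Host "ARM service '$ServiceName' is running after the messaging config was set aside."
    exit 0
}

Write-Error "ARM service '$ServiceName' is still not running; escalate to SolarWinds support."
exit 1
```

Run it from an elevated PowerShell session on the ARM server after replacing the two placeholders; the exit code (0 or 1) makes it usable from a patch-management job that needs to know whether the post-update restart succeeded.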