CVERadar

CVE-2024-28990

Severity: Critical
Vendor: Solarwinds
SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00067/1

CVE-2024-28990: A critical authentication bypass vulnerability exists in SolarWinds Access Rights Manager (ARM). This flaw, identified as CVE-2024-28990, involves hard-coded credentials that can be exploited to gain unauthorized access to the RabbitMQ management console. With a SOCRadar Vulnerability Risk Score (SVRS) of 84, this vulnerability is deemed critical and requires immediate attention. The high SVRS indicates active exploitation in the wild, confirmed by external sources. Successful exploitation allows attackers to bypass normal authentication procedures. This poses significant risks including data breaches, system compromise, and disruption of services managed through the RabbitMQ console. Given the potential for severe impact, patching or mitigating this vulnerability should be prioritized.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-09-12
2024-09-16

SOCRadar AI Insight

Description

CVE-2024-28990 is a hard-coded credential authentication bypass vulnerability in SolarWinds Access Rights Manager (ARM). This vulnerability allows access to the RabbitMQ management console if exploited. The SVRS for this CVE is 0, indicating a low risk.

Key Insights

  • This vulnerability could allow attackers to gain unauthorized access to sensitive information or systems.
  • The vulnerability is easy to exploit and requires no special skills or knowledge.
  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.

Mitigation Strategies

  • Update SolarWinds ARM to the latest version.
  • Disable the RabbitMQ management console if it is not needed.
  • Implement strong authentication controls to prevent unauthorized access to sensitive information.
  • Monitor your systems for any suspicious activity.

Additional Information

If you have any additional questions about this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager - Security Affairs
2024-09-16

News content: SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM). The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions. “SolarWinds Access Rights Manager (ARM) was found to be susceptible
ZDI-24-1225: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability
2024-09-13

This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-28990.

Social Media

CVE-2024-28990 (CVSS:9.8, CRITICAL) is Analyzed. SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability...https://t.co/WiF3jQ0QhT #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Affected Software

Configuration 1
Type: App
Vendor: Solarwinds
Product: access_rights_manager

References

Reference: [email protected]
Link: https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm

Reference: [email protected]
Link: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28990

CWE Details

CWE ID: CWE-798
CWE Name: Use of Hard-coded Credentials
Description: The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
