{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40057", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2023-08-08T23:22:08.618Z", "datePublished": "2024-02-15T20:36:12.759Z", "dateUpdated": "2024-02-15T20:49:04.504Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Access Rights Manager", "vendor": "SolarWinds", "versions": [{"lessThanOrEqual": "2023.2.2 ", "status": "affected", "version": "previous versions", "versionType": "2023.2.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Anonymous working with Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.<br>"}], "value": "The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.\n"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2024-02-15T20:49:04.504Z"}, "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.3<br>"}], "value": "All SolarWinds Access Rights Manager customers are advised to upgrade to the latest version of the SolarWinds Access Rights Manager 2023.2.3\n"}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1D2B6ED-102D-4654-B95B-73E06277861B", "versionEndExcluding": "2023.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.\n"}, {"lang": "es", "value": "Se descubri\u00f3 que SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Si se explota, esta vulnerabilidad permite que un usuario autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2023-40057", "lastModified": "2024-02-20T20:39:34.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "psirt@solarwinds.com", "type": "Primary"}]}, "published": "2024-02-15T21:15:08.247", "references": [{"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40057"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}

{}