430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 […]

SolarWinds SolarWinds Web Help Desk

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager.

SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM)

The flaw is a deserialization of untrusted data remote code execution vulnerability that impacts ARM 2024.3 and prior versions.

“SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability.” reads the advisory. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.”

The vulnerability was discovered by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.” reads the report published by Trend Micro Zero Day Initiative. “The specific flaw exists within the JsonSerializationBinder class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.”

Although authentication is needed to exploit the vulnerability, threat actors can bypass the authentication mechanism.

The company also addressed a hardcoded credential vulnerability, tracked as CVE-2024-28990, in ARM.

An attacker can exploit the vulnerability to bypass authentication and access the RabbitMQ management console. Piotr Bazydlo also reported this vulnerability.

SolarWinds addressed the issues with the release of Access Rights Manager (ARM) 2024.3.1.

The company is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ARM