Directory Traversal Remote Code Execution Vulnerability
CVE-2023-33226

8HIGH

Key Information:

Vendor: Solarwinds
Status: Network Configuration Manager
Vendor: CVE Published:; 1 November 2023

Summary

The Network Configuration Manager by SolarWinds is vulnerable to a directory traversal flaw that could be exploited by low-privileged users. This weakness allows attackers to execute commands with SYSTEM-level privileges, potentially compromising the integrity and security of the network environment. Users are recommended to update to the latest version and follow security best practices to mitigate risk.

Affected Version(s)

Network Configuration Manager 2023.3.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/nc...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
May 18, 2023

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative