Directory Traversal Remote Code Execution Vulnerability
CVE-2023-33227

8HIGH

Key Information:

Vendor: Solarwinds
Status: Network Configuration Manager
Vendor: CVE Published:; 1 November 2023

Summary

SolarWinds Network Configuration Manager is impacted by a Directory Traversal vulnerability that can be exploited by low-level users to execute commands with SYSTEM privileges. This weakness poses significant risks, allowing unauthorized access and control over the affected system. Implementing the latest security updates is crucial to mitigate the threats associated with this vulnerability.

Affected Version(s)

Network Configuration Manager 2023.3.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/nc...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
May 18, 2023

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative