Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
CVE-2023-40062

8HIGH

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 1 November 2023

What is CVE-2023-40062?

The SolarWinds Platform is affected by a remote code execution vulnerability caused by an incomplete list of disallowed inputs. This flaw enables low-privileged users to execute arbitrary commands with SYSTEM privileges, posing serious security risks to system integrity and confidentiality. Organizations utilizing this platform should promptly review their security measures and ensure that they apply latest patches to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SolarWinds Platform 2023.3.1 and previous versions

References

https://documentation.solarwinds.com/en/success_center/hc...

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Aug 8, 2023

Credit

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

JSON

Solarwinds

What is CVE-2023-40062?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.