SolarWinds Security Event Manager Vulnerable to Remote Code Execution
Key Information
- Vendor
- Solarwinds
- Status
- Security Event Manager
- Vendor
- CVE Published:
- 1 March 2024
Badges
Summary
The SolarWinds Security Event Manager is vulnerable to remote code execution due to a flaw in the handling of untrusted data. This flaw allows attackers to take complete control of vulnerable installations, potentially leading to compromising sensitive data, injecting additional malware, disrupting critical operations, and pivoting to other systems within the network. The severity of this vulnerability is highlighted by its CVSS score of 8.8. The vulnerability was discovered by anonymous researchers working with Trend Micro’s Zero Day Initiative (ZDI), and SolarWinds has released a patch to address the issue in version 2023.4.1 of the Security Event Manager. Organizations using SEM are advised to update their software immediately to mitigate the risk.
Affected Version(s)
Security Event Manager = 2023.4 and previous versions
News Articles
Vulcan Cyber CVE-2024-0692How to fix CVE-2024-0692 in SolarWinds Security Event Manager
SolarWinds is battling yet another vulnerability, this time CVE-2024-0692 in its Security Event Manager. Here's everything you need to know.
9 months ago
securityonline.info CVE-2024-0692CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw
SolarWinds has disclosed and patched a serious remote code execution (CVE-2024-0692) vulnerability in its Security Event Manager solution
9 months ago
CVSS V3.1
Timeline
Vulnerability started trending.
First article discovered by securityonline.info
Vulnerability published.
Vulnerability Reserved.