SolarWinds Platform Affected by Race Condition Vulnerability
CVE-2024-28999

8.1HIGH

Key Information:

Vendor: Solarwinds
Status: Solarwinds Platform
Vendor: CVE Published:; 4 June 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A race condition vulnerability has been identified in the web console of the SolarWinds Platform, allowing an attacker to exploit timing issues in the execution of code. This may lead to unauthorized access or manipulation of sensitive information. Patching and updating to the latest version is essential for maintaining system integrity and security. Users are strongly advised to implement the recommended mitigation strategies to protect their installations.

Affected Version(s)

SolarWinds Platform 2024.1.1 and previous versions

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-28999
Created by HussainFathy

References

https://www.solarwinds.com/trust-center/security-advisori...

vendor-advisory

https://documentation.solarwinds.com/en/success_center/or...

release-notes

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 22, 2024
👾
Exploit known to exist
Jun 22, 2024
Vulnerability published
Jun 4, 2024
Vulnerability Reserved
Mar 13, 2024

Credit

Elhussain Fathy (0xSphinx)