CVE-2023-23844

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SolarWinds Orion Platform (affected versions not specified)

Description The issue is related to an Incorrect Comparison Vulnerability in the SolarWinds Orion Platform, specifically in the BlacklistedFilesChecker class. This vulnerability allows users with administrative access to the SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. It can be exploited by a remote attacker to execute arbitrary code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697CWE-184

Related Identifiers

BDU:2023-04760

CVE-2023-23844

ZDI-23-1004

Affected Products

Solarwinds Orion Platform

CVE-2023-23844

Weakness Enumeration

Related Identifiers

Affected Products

References · 9