CVE-2024-0692

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm	Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692	Vendor Advisory
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm	Release Notes
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:security_event_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-01 09:15

Updated : 2025-02-26 18:39

NVD link : CVE-2024-0692

Mitre link : CVE-2024-0692

CVE.ORG link : CVE-2024-0692

JSON object : View

Products Affected

solarwinds

security_event_manager

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-0692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-03-01T09:15:09.600", "references": [{"url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds\u2019 service, resulting in remote code execution."}, {"lang": "es", "value": "SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-02-26T18:39:48.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:security_event_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162CD824-C2BC-44FE-AD86-A8860201524E", "versionEndExcluding": "2023.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}