CVE-2023-35181: 
SolarWinds Access Rights Manager vulnerability analysis and mitigation

The SolarWinds Access Rights Manager (ARM) was found to contain a privilege escalation vulnerability identified as CVE-2023-35181. This vulnerability, discovered in October 2023, allows users to exploit incorrect folder permissions to achieve privilege escalation. The vulnerability affects SolarWinds ARM version 2023.2.0.73 and prior versions (SolarWinds Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from incorrect default permissions that can be exploited locally. The issue is classified under CWE-276 (Incorrect Default Permissions) (NVD).

If successfully exploited, this vulnerability allows attackers to achieve privilege escalation on affected systems, potentially gaining elevated access rights and compromising system security. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the system (Dark Reading).

SolarWinds has released version 2023.2.1 of the Access Rights Manager to address this vulnerability. Organizations using affected versions are strongly advised to upgrade to the patched version 2023.2.1. SolarWinds has communicated with customers about the necessary steps to apply the fix to harden their environments (SolarWinds Advisory).

The vulnerability was discovered and reported by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative, highlighting the collaborative effort between security researchers and vendors in identifying and addressing security issues (SolarWinds Advisory).