CVE-2023-35182: 
SolarWinds Access Rights Manager vulnerability analysis and mitigation

The SolarWinds Access Rights Manager (ARM) was found to contain a critical Remote Code Execution (RCE) vulnerability identified as CVE-2023-35182. This vulnerability affects ARM version 2023.2.0.73 and prior versions, allowing unauthenticated users to execute arbitrary code with SYSTEM privileges on the SolarWinds ARM Server. The vulnerability was discovered by Sina Kheirkhah of Summoning Team working with Trend Micro Zero Day Initiative and was publicly disclosed on October 18, 2023 (SolarWinds Advisory, ZDI Advisory).

The vulnerability exists within the 'createGlobalServerChannelInternal' method of the ARM software. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) by NIST NVD, while SolarWinds has rated it with a CVSS score of 8.8 (HIGH). The vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) (ZDI Advisory, NVD).

If exploited, this vulnerability allows attackers to execute arbitrary code with SYSTEM privileges, which represents the highest level of access on Windows systems. This means an attacker could gain complete control over the affected system, potentially leading to unauthorized access, data theft, or system compromise (Dark Reading, SOCRadar).

SolarWinds has released version 2023.2.1 of Access Rights Manager which contains fixes for this vulnerability. Organizations using affected versions are strongly advised to upgrade to the patched version immediately. SolarWinds has stated they are not aware of any evidence that this vulnerability has been exploited in the wild (SolarWinds Release Notes).