Rewterz Annual Threat Intelligence Report 2025 - Download Now

Request a Demo
Rewterz
Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs
September 14, 2023
Rewterz
Rewterz Threat Advisory – Multiple Fortinet FortiTester Vulnerabilities
September 15, 2023

Rewterz Threat Advisory – Multiple SolarWinds Platform Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-23840 CVSS:6.8

SolarWinds Platform could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an incorrect comparison vulnerability the SolarWinds Web Console. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands with NETWORK SERVICE privileges on the system.

CVE-2023-23845 CVSS:6.8

SolarWinds Platform could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an incorrect comparison vulnerability the SolarWinds Web Console. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands with NETWORK SERVICE privileges on the system.

Impact

  • Command Execution

Indicators Of Compromise

CVE

  • CVE-2023-23840
  • CVE-2023-23845

Affected Vendors

SolarWinds

Affected Products

  • SolarWinds Platform 2023.3

Remediation

Upgrade to the latest version of SolarWinds Platform, available from the SolarWinds Website. 

SolarWinds Website