We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-23842

SolarWinds Network Configuration Manager Directory Traversal Vulnerability



AssignerSolarWinds
Reserved2023-01-18
Published2023-07-26
Updated2024-10-23

Description

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.



HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

Any version before 2023.3
affected

Credits

SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner. finder

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23842

https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-3_release_notes.htm

cve.org CVE-2023-23842

nvd.nist.gov CVE-2023-23842

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.