SolarWinds discloses eight Access Rights Manager (ARM) tool vulnerabilities

Target Industry

Indiscriminate, opportunistic targeting.


Eight vulnerabilities in the SolarWinds Access Rights Manager (ARM) tool have been disclosed, six of which pertain to remote code execution (RCE) and two to privilege escalation.

Three of the RCE flaws have been assigned a high severity level (CVSSv3.1 score of 8.8) and are being tracked as CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187. The remaining three RCE issues all pertain to the SolarWinds service, or the ARM API. These flaws are being tracked as CVE-2023-35180 (CVSSv3.1 score: 8.0), CVE-2023-35184 (CVSSv3 score: 8.8), and CVE-2023-35186 (CVSSv3.1 score: 8.0), and are also rated as high severity.

The two privilege escalation security flaws, tracked as CVE-2023-35181 and CVE-2023-35183, have both been assigned a CVSSv3.1 score of 7.8 (high severity level) and could allow threat actors to leverage local resources and incorrect folder permissions.


Successful exploitation of the vulnerabilities disclosed by SolarWinds would almost certainly allow a remote, unauthenticated threat actor to execute arbitrary code at system level (the highest level of privilege on a Windows machine) or abuse local resources and incorrect folder permissions to perform local privilege escalation, thereby hijacking compromised systems.

Vulnerability Detection

SolarWinds has released a security patch for the disclosed vulnerabilities. As such, previous product versions remain vulnerable to potential exploitation.

Affected Products

SolarWinds Access Rights Manager

Containment, Mitigations & Remediations

It is strongly recommended that users of affected SolarWinds systems apply the ARM version 2023.2.1 update as a matter of urgency. This patch remediates all eight vulnerabilities.
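
To confirm the update has been applied everywhere, the following added example (not part of the original bulletin or any SolarWinds tooling) triages an asset inventory export against the fixed release 2023.2.1. The CSV layout, the column names `host` and `arm_version`, and the sample hosts are assumptions constructed for illustration.

```python
import csv
import io

FIXED = (2023, 2, 1)  # fixed ARM release named in this bulletin

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # needs manual review rather than a silent pass
    # Pad so "2023.2" compares as 2023.2.0 rather than as a shorter tuple.
    width = max(len(parsed), len(fixed))
    padded = parsed + (0,) * (width - len(parsed))
    target = fixed + (0,) * (width - len(fixed))
    return "patched" if padded >= target else "vulnerable"

def triage(inventory_csv):
    """Map each status to the list of hosts reporting it."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = row.get("arm_version") or ""
        result[classify(version)].append(row["host"])
    return result

# Constructed sample inventory; hosts and version strings are illustrative.
SAMPLE = """host,arm_version
arm-srv-01,2023.2.1
arm-srv-02,2023.2.0.5
arm-srv-03,2022.4
arm-srv-04,not installed
arm-srv-05,2023.2.1.0
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" have a version string that could not be parsed and should be checked by hand rather than assumed patched.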

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

SolarWinds occupies a significant portion of the IT management market share. The platform is used extensively within corporate networks across the industry sector spectrum. The ARM tool is directly involved with the management of critical network components, and it has therefore been assessed that cyber threat actors will almost certainly view organisations with operational protocols involving this tool as prime targets as they seek to meet their pre-defined objectives.

The Russian nation state-sponsored threat actor group, tracked as Midnight Blizzard, targeted SolarWinds in 2020 by deploying malicious code into the Orion IT monitoring and management software in a supply-chain compromise. As SolarWinds has previously been subjected to malicious cyber operations, it is of critical importance to adhere to the recommended remediation and mitigation strategies to reduce the risk of exploitation.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Common Weakness Enumeration (CWE):

CVE-2023-35181, CVE-2023-35183: CWE-276 – Incorrect Default Permissions

CVE-2023-35180, CVE-2023-35184, CVE-2023-35186, CVE-2023-35182: CWE-502 – Deserialization of Untrusted Data

CVE-2023-35185, CVE-2023-35187: CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


TA0002 – Execution

TA0004 – Privilege Escalation

Further Information

SolarWinds Patch Notes

TrendMicro Zero-Day Initiative Advisory


An Intelligence Terminology Yardstick showing the likelihood of events