Vulnerability Details : CVE-2023-23844
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
Products affected by CVE-2023-23844
- cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-23844
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-23844
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST | |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
SolarWinds |
CWE ids for CVE-2023-23844
-
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.Assigned by: psirt@solarwinds.com (Secondary)
-
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-23844
-
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm
SolarWinds Platform 2023.3 Release NotesRelease Notes
-
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23844
SolarWinds Trust Center Security Advisories | CVE-2023-23844Vendor Advisory
Jump to