Vulnerability Details : CVE-2023-23845
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Products affected by CVE-2023-23845
- cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-23845
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-23845
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST | |
|
6.8
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
SolarWinds |
CWE ids for CVE-2023-23845
-
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.Assigned by:
- nvd@nist.gov (Secondary)
- psirt@solarwinds.com (Primary)
-
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.Assigned by: psirt@solarwinds.com (Secondary)
References for CVE-2023-23845
-
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm
SolarWinds Platform 2023.3.1 Release NotesVendor Advisory
-
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845
Vendor Advisory
Jump to