SolarWinds patches ARM vulnerability allowing RCE attacks

TLDR:

  • SolarWinds released patches for two Access Rights Manager (ARM) vulnerabilities, one of them a critical flaw enabling RCE attacks.
  • The vulnerabilities, CVE-2024-28991 and CVE-2024-28990, have been fixed in ARM version 2024.3.1.

Article Summary:

SolarWinds has addressed two security flaws in its Access Rights Manager (ARM) software. The first, CVE-2024-28991, is a critical vulnerability discovered by security researcher Piotr Bazydlo that allows an authenticated user to abuse the service and achieve remote code execution (RCE). The second, CVE-2024-28990, is a medium-severity flaw that exposes hard-coded credentials. Both are fixed in ARM version 2024.3.1. There is no evidence of active exploitation, but users are urged to update. The fixes coincide with D-Link resolving critical vulnerabilities in its routers.
