CVE-2023-33224: SolarWinds Platform Incorrect Behavior Order Vulnerability
First published: Wed Jul 26 2023(Updated: )
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Credit: psirt@solarwinds.com psirt@solarwinds.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Solarwinds Solarwinds Platform | <2023.3.0 |
Remedy
All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-33224?
CVE-2023-33224 is the vulnerability in the SolarWinds Platform known as the Incorrect Behavior Order Vulnerability.
How does CVE-2023-33224 impact SolarWinds Platform?
CVE-2023-33224 allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
What is the severity of CVE-2023-33224?
CVE-2023-33224 has a severity rating of 7.2, which is considered high.
Which software versions are affected by CVE-2023-33224?
The SolarWinds Platform versions up to exclusive 2023.3.0 are affected by CVE-2023-33224.
How can I fix CVE-2023-33224?
To fix CVE-2023-33224, it is recommended to update the SolarWinds Platform to a version beyond 2023.3.0.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/nvd-latest
- agent/software-canonical-lookup-request
- agent/severity
- agent/description
- collector/nvd-api
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/solarwinds
- canonical/solarwinds solarwinds platform