Vulnerability Description
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Solarwinds Platform | < 2023.3.0 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/relRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224Vendor Advisory
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/relRelease NotesVendor Advisory
- https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224Vendor Advisory
FAQ
What is CVE-2023-33224?
CVE-2023-33224 is a vulnerability with a CVSS score of 7.2 (HIGH). The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary command...
How severe is CVE-2023-33224?
CVE-2023-33224 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33224?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Solarwinds Platform.