id: CVE-2024-0692

info:
  name: SolarWinds Security Event Manager - Unauthenticated RCE
  author: DhiyaneshDK
  severity: high
  description: |
    The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
  impact: |
    Unauthenticated attackers on the adjacent network can execute arbitrary code remotely on the SolarWinds Security Event Manager, leading to complete system compromise and potential access to all security event data.
  remediation: |
    Upgrade to SolarWinds Security Event Manager version 2023.4.1 or later.
  reference:
    - https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm
  classification:
    cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2024-0692
    cwe-id: CWE-502
    epss-score: 0.84543
    epss-percentile: 0.99284
    cpe: cpe:2.3:a:solarwinds:security_event_manager:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: solarwinds
    product: security_event_manager
    fofa-query: title="SolarWinds Security Event Manager"
  tags: cve,cve2024,solarwinds,event-manager,cisa,vkev,vuln

http:
  - raw:
      - |
        GET /webui/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "SolarWinds Security Event Manager"
        internal: true

  - raw:
      - |
        POST /services/messagebroker/streamingamf HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-amf

        abc

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/x-amf")'
          - 'contains(body, "AMF version")'
        condition: and
# digest: 4b0a00483046022100c36ac5ee811d1541147a0e152d3733f045559e407838f7dbbe8712a91d49dcde0221008d39e4ef899f3032e8365805841d558e8fd5ec4d9c27fc056abb9a1cd8addc5d:922c64590222798bb761d5b6d8e72950