CVE-2023-40055

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability.  This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.We found this issue was not resolved in CVE-2023-33227
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SolarWindsCNA
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
solarwindsnetwork_configuration_manager
𝑥
≤ 2023.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055