Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

Featured Resources

WHITEPAPERS

CASE STUDIES

VIEW ALL CYBERSECURITY RESOURCES →

Blog Articles

PENETRATION TESTING

APPLICATION SECURITY

Cybersecurity News

THE LATEST NEWS

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

2024-04-22

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

Microsoft will limit Exchange Online bulk emails to fight spam

2024-04-16

Hacker claims Giant Tiger data breach, leaks 2.8M records online

2024-04-15

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

2024-04-12

GSMA releases Mobile Threat Intelligence Framework

2024-04-10

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

2024-04-09

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

2024-04-08

Home Depot confirms third-party data breach exposed employee info

2024-04-08

Hoya’s optics production and orders disrupted by cyberattack

2024-04-04

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

2024-04-04

New Chrome feature aims to stop hackers from using stolen cookies

2024-04-03

AT&T data leaked: 73 million customers affected

2024-04-02

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

2024-04-01

INC Ransom claims responsibility for attack on NHS Scotland

2024-03-28

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

2024-03-27

CISA urges software devs to weed out SQL injection vulnerabilities

2024-03-26

Exploit released for Fortinet RCE bug used in attacks, patch now

2024-03-21

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

2024-03-19

Nissan breach exposed data of 100,000 individuals

2024-03-18

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

2024-03-15

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

2024-03-14

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

2024-03-14

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

SolarWinds fixes critical RCE bugs in access rights audit solution

Critical, RCE
February 16, 2024

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.

Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

The other two bugs can also be used in RCE attacks and have been rated by SolarWinds as high-severity issues.

SolarWinds patched the flaws in Access Rights Manager 2023.2.3, which was released this Thursday with bug and security fixes.

SolarWinds also fixed three other critical Access Rights Manager RCE bugs in October, allowing attackers to run code with SYSTEM privileges.

Four years ago, the Russian APT29 hacking group infiltrated SolarWinds’ internal systems, injecting malicious code into SolarWinds Orion IT administration platform builds downloaded by customers between March 2020 and June 2020.

Share this article on social media: