CVE-2024-0692

HIGH EXPLOITED NUCLEI

SolarWinds Security Event Manager - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-0692 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including machevalia. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-0692, targeting SolarWinds Security Event Manager via BlazeDS AMF deserialization. It uses a C3P0 gadget chain to achieve remote code execution through reverse shell payloads.

Description

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

Exploits (1)

nomisec WORKING POC
by machevalia · remote
https://github.com/machevalia/CVE-2024-0692-SolarWinds-SEM-RCE

This repository contains a functional exploit for CVE-2024-0692, targeting SolarWinds Security Event Manager via BlazeDS AMF deserialization. It uses a C3P0 gadget chain to achieve remote code execution through reverse shell payloads.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SolarWinds Security Event Manager
No auth needed
Prerequisites: Java 8+ for payload compilation · Python 3.6+ with requests library · Network access to target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

SolarWinds Security Event Manager - Unauthenticated RCE
HIGHVERIFIEDby DhiyaneshDK
FOFA: title="SolarWinds Security Event Manager"

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.9156
EPSS Percentile 99.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-06-25
CWE
CWE-502
Status published
Products (1)
solarwinds/security_event_manager < 2023.4.1
Published Mar 01, 2024
Tracked Since Feb 18, 2026