CVE-2024-0692

HIGH EXPLOITED NUCLEI

SolarWinds Security Event Manager - RCE

Title source: llm

Description

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

Exploits (1)

nomisec WORKING POC

by machevalia · remote

https://github.com/machevalia/CVE-2024-0692-SolarWinds-SEM-RCE

View Code ZIP pw:eip

Nuclei Templates (1)

SolarWinds Security Event Manager - Unauthenticated RCE

HIGHVERIFIEDby DhiyaneshDK

FOFA: title="SolarWinds Security Event Manager"

References (2)

[Release Notes] https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692

Scores

CVSS v3 8.8

EPSS 0.7830

EPSS Percentile 99.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-06-25

CWE

CWE-502

Status published

Products (1)

solarwinds/security_event_manager < 2023.4.1

Published Mar 01, 2024

Tracked Since Feb 18, 2026