CVE-2024-0692

HIGH EXPLOITED NUCLEI

SolarWinds Security Event Manager - RCE

Title source: llm

Description

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

Exploits (1)

nomisec WORKING POC

by machevalia · remote

https://github.com/machevalia/CVE-2024-0692-SolarWinds-SEM-RCE

View Code ZIP pw:eip

Nuclei Templates (1)

SolarWinds Security Event Manager - Unauthenticated RCE

HIGHVERIFIEDby DhiyaneshDK

FOFA: title="SolarWinds Security Event Manager"

References (2)

[Release Notes] https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692

Scores

CVSS v3 8.8

EPSS 0.7830

EPSS Percentile 99.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-06-25

Classification

CWE

CWE-502

Status published

Affected Products (1)

solarwinds/security_event_manager < 2023.4.1

Timeline

Published Mar 01, 2024

Tracked Since Feb 18, 2026