SolarWinds: Critical RCE Bug Requires Urgent Patch
The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.
SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.
This vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by researchers at Inmarsat Government.
Left unpatched, the vulnerability will allow an attacker to run commands on the host machine if exploited, the researchers reported in the advisory.
"While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing," the advisory stated.
CVE-2024-28986 was given a CVSS v3 score of 9.8, underscoring how critical it is that Web Help Desk customers apply the patch, which is now readily available, immediately.
The vendor recommends that all versions of Web Help Desk should be upgraded to version 12.8.3, and then the hotfix should be installed.
About the Author
You May Also Like
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024