A high-risk software vulnerability with a CVSS score of 9.8, also known as CVE-2024-28986, has been identified in SolarWinds Web Help Desk, which may allow an attacker to install and execute arbitrary commands on a compromised system.
The vulnerability is due to a Java deserialization flaw that could be exploited to compromise a remote location code. Despite the fact that the issue was first reported as an unauthenticated protection, in the course of Solar Winds product testing, the flaw could not be exploited without password entry. Nevertheless, given the overall criticality and ability of the vulnerability, the issue applies to all software versions of SolarWinds Web Help Desk systems up to the 12.8.3 version.
The Solar Winds information stated that they issued a Hotfix in software version 12.8.3 HF 1 to solve the issue. All customers must ensure that they are running Web Help Desk version 12.8.3.1813. Additionally, they must read the following installation instructions containing the applicable files and back up a copy.
After concluding that the vulnerability in SolarWinds is malicious according to its assessment, the U.S. Cybersecurity and Infrastructure Security Agency has added this case to the Known Exploited Vulnerabilities such that the federal parties cannot get rid of it unless by September 5, 2024.
The finding and solution of the critical vulnerability in SolarWinds Web Help Desk allow organizations to understand that it is imperative to install security patches from multiple developers on time as well as perform timely updates to prevent such threats.
This is a critical vulnerability issue however; an attacker can execute arbitrary commands on a compromised system.
Apply the Hotfix issued by SolarWinds in Web Help Desk for version 12.8.3.1813 and make backup copies of your files.
Yes, it has been added to the Known Exploited Vulnerabilities by the CISA.
Yes, any organization that has installed the latest version of web help desk version 12.8.3 is supposed to apply the hotfix in order to install the necessary patch.
All Federal agencies must implement any fixes that might be attached to their system by September 9, 2024.
KnowTechNews is your go-to source for the latest in technology. From breaking news and gadget reviews to in-depth insights and industry trends, we bring you everything you need to stay informed.