August 15, 2024 at 03:15PM
SolarWinds advises customers to patch CVE-2024-28986, a critical Java deserialization RCE vulnerability in its Web Help Desk platform. If exploited, it lets attackers run commands on the host machine. The software vendor recommends applying the patch immediately, upgrading all versions to 12.8.3 and installing the hotfix.
The key takeaways are as follows:
– SolarWinds has identified a critical vulnerability in its Web Help Desk platform, tracked as CVE-2024-28986. This is a Java deserialization remote code execution (RCE) flaw.
– If left unpatched, this vulnerability could allow an attacker to run commands on the host machine. The vulnerability was given a CVSS v3 score of 9.8, highlighting its critical nature.
– Although the vulnerability was initially reported as unauthenticated, SolarWinds has been unable to reproduce it without authentication after thorough testing.
– To mitigate the risk, SolarWinds is urging all Web Help Desk customers to upgrade to version 12.8.3 and install the readily available hotfix immediately.
These takeaways highlight the urgency for Web Help Desk customers to apply the recommended patch and upgrade to the specified version to protect against the critical vulnerability.