August 15, 2024 at 10:51AM
SolarWinds has released a patch to fix a critical security flaw in its Web Help Desk software (CVE-2024-28986) that could allow remote code execution. Palo Alto Networks also addressed high- and moderate-severity vulnerabilities in Cortex XSOAR and GlobalProtect, urging users to update to the latest versions to reduce risks and to revoke any configured secrets or passwords.
Key takeaways from the meeting notes:
1. SolarWinds has addressed a critical security vulnerability (CVE-2024-28986) in its Web Help Desk software through patches.
2. The vulnerability could allow an attacker to execute arbitrary code on susceptible instances.
3. The impacted versions are 12.8.3 and all prior versions, and the fix is available in hotfix version 12.8.3 HF 1.
4. Palo Alto Networks has patched a high-severity vulnerability (CVE-2024-5914) affecting Cortex XSOAR, allowing command injection and code execution.
5. Two moderate-severity issues (CVE-2024-5915 and CVE-2024-5916) have also been addressed by Palo Alto Networks.
6. Users are strongly advised to update to the latest versions of the affected software to mitigate potential risks.
7. Additionally, it is recommended to revoke secrets, passwords, and tokens configured in PAN-OS firewalls after upgrading to the latest version.
The meeting notes provide important information about critical security vulnerabilities and the necessary actions to mitigate the risks associated with these vulnerabilities.