SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

August 16, 2024 at 06:10AM

CISA warned of a critical vulnerability in SolarWinds Web Help Desk, CVE-2024-28986, allowing remote code execution. SolarWinds released a patch but noted an authentication requirement for successful exploitation. The flaw affects versions 12.4 to 12.8 and has been observed in the wild. Federal agencies must address vulnerable instances by September 5.

Key takeaways:

– The US cybersecurity agency CISA has warned of a critical-severity vulnerability in SolarWinds Web Help Desk, tracked as CVE-2024-28986, which has been exploited in attacks.
– The vulnerability is described as a Java deserialization remote code execution (RCE) issue that could allow attackers to run commands on the host machine.
– SolarWinds has released a hotfix to address the vulnerability and noted that successful exploitation requires authentication. The hotfix is compatible with Web Help Desk version 12.8.3.1813 only.
– The hotfix should not be applied to Web Help Desk installations that use SAML Single Sign-On (SSO).
– The short window between public disclosure and the addition of CVE-2024-28986 to CISA’s Known Exploited Vulnerabilities (KEV) catalog suggests that the vulnerability might have been exploited as a zero-day.
– Federal agencies have until September 5 to identify and patch vulnerable SolarWinds Web Help Desk instances in their environments, per Binding Operational Directive (BOD) 22-01.
– All organizations are advised to review SolarWinds’ advisory and apply the necessary mitigations as soon as possible.

These takeaways highlight the urgency for organizations, especially federal agencies, to address the vulnerability and apply the necessary patches to mitigate the risk of exploitation.
