Aug 15, 2024 | Ravie Lakshmanan | Enterprise Security / Vulnerability
SolarWinds has recently uncovered a critical security vulnerability in its Web Help Desk software, posing a significant risk of arbitrary code execution on vulnerable instances.
The vulnerability, tracked as CVE-2024-28986 with a CVSS score of 9.8, stems from a deserialization bug.
In an advisory, SolarWinds stated, “SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.”
Although it was initially reported as an unauthenticated vulnerability, SolarWinds was unable to reproduce it without authentication during testing.
The flaw affects all versions of SolarWinds Web Help Desk up to and including 12.8.3, and has been fixed in hotfix version 12.8.3 HF 1.
At the same time, Palo Alto Networks addressed a high-severity vulnerability in Cortex XSOAR, tracked as CVE-2024-5914 with a CVSS score of 7.0, which could lead to command injection and code execution. The vulnerability affects all versions of Cortex XSOAR CommonScripts prior to 1.12.33.
Palo Alto Networks also resolved two moderate-severity issues, namely CVE-2024-5915 and CVE-2024-5916, involving privilege escalation and information exposure, respectively.
Users are advised to update to the latest software versions to mitigate the risk and, as a precautionary measure, to revoke any configured secrets, passwords, and tokens in PAN-OS firewalls after the update.
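Because the Web Help Desk fix is a hotfix on the same base release ("12.8.3" is affected, "12.8.3 HF 1" is not), a naive numeric version comparison in an inventory script will miss it. The following is an added example, not code from SolarWinds, Palo Alto Networks or the article, showing a version check that orders hotfix suffixes correctly; the fixed-version table and the inventory lines are constructed from the versions stated above.

```python
import re
from typing import Dict, List, Tuple

# Fixed versions as stated in the advisory summary above.
FIXED_VERSIONS: Dict[str, Tuple[str, str]] = {
    "CVE-2024-28986": ("SolarWinds Web Help Desk", "12.8.3 HF 1"),
    "CVE-2024-5914": ("Cortex XSOAR CommonScripts", "1.12.33"),
}

# Accepts "12.8.3", "12.8.3 HF 1", "1.12.33"; hotfix token is optional.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Return (numeric components, hotfix number); no hotfix suffix counts as 0,
    so '12.8.3' sorts below '12.8.3 HF 1' but above '12.8.2'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    hotfix = int(m.group(2)) if m.group(2) else 0
    return nums, hotfix


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    # Right-pad with zeros so "12.8" and "12.8.3" compare component-wise.
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_vulnerable(cve: str, installed: str) -> bool:
    """True when the installed version is older than the fixed version for the CVE."""
    _, fixed = FIXED_VERSIONS[cve]
    inst_nums, inst_hf = parse_version(installed)
    fix_nums, fix_hf = parse_version(fixed)
    inst_nums, fix_nums = _pad(inst_nums, fix_nums)
    return (inst_nums, inst_hf) < (fix_nums, fix_hf)


def audit_inventory(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """inventory rows are (host, cve, installed version); returns (host, cve) pairs still exposed."""
    return [(host, cve) for host, cve, ver in inventory if is_vulnerable(cve, ver)]


if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = [("whd-01", "CVE-2024-28986", "12.8.3"),
              ("whd-02", "CVE-2024-28986", "12.8.3 HF 1"),
              ("xsoar-01", "CVE-2024-5914", "1.12.32")]
    print(audit_inventory(sample))  # [('whd-01', 'CVE-2024-28986'), ('xsoar-01', 'CVE-2024-5914')]
```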
Update: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the SolarWinds flaw CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation, requiring federal agencies to apply the fixes by September 5, 2024.