.webp)
A critical vulnerability reported under active exploitation has been added to CISA’s known exploited vulnerabilities catalog. This vulnerability is categorized as CVE-2024-28986 (CVSSv3.1: 9.8) and affects SolarWinds Web Help Desk. It is defined as a Java Deserialization Remote Code Execution which if exploited would allow an attacker to run commands on the host machine.
SolarWinds Web Help Desk 12.8.3 and all previous versions are affected.
This vulnerability is defined as requiring no authentication, but SolarWinds has reported that they have done thorough testing and could not reproduce the bug without authentication. They are still urging Web Help Desk customers to apply the now-available patch as reported in the advisory on 8/9/2024.
This vulnerability has a high CVSS score, there are reports of active exploitation, and it allows for remote code execution. It would have a high impact if exploited and presents an elevated risk due to reports of active exploitation in the wild.
Upgrading to SolarWinds Web Help Desk 12.8.3 HF 1 will remediate this vulnerability. Review the documentation for Web Help Desk to ensure a proper upgrade.
Patch: We advise you to follow the steps listed in the update documentation linked above and update SolarWinds Web Help Desk to the latest version.
Review documentation: Ensure you are reviewing and following the steps outlined in vendor documentation regarding vulnerability remediation, application upgrades, and mitigations.
Assess scope and plan: Use vulnerability scanning tools to assess the scope of this vulnerability throughout your environment and get all associated parties together to create a plan to patch the associated software.
SolarWinds Trust Center Security Advisories | CVE-2024-28986
On this episode of the CyberWatch podcast, there are updates to software across the application and OS spectrum. New malicious campaigns are threatening victims of all sizes, and researchers have performed dissections on malware to give defenders new clues about just what it is they're fighting. All this today, in CyberWatch.
As we conclude our 'ransomware readiness week' of this Cybersecurity Awareness Month, it's time to take a critical look at your organization's defenses. Ransomware attacks are becoming more sophisticated, and no business is immune. In our latest article, we explore essential strategies to bolster your ransomware preparedness. Don't miss this vital information to help protect your business from emerging threats.
Ethical hacking has become an essential response to an IT industry kept on its toes by a spectrum of bad actors with malicious intent. This article introduces two prominent methodologies that help the good guys fight back: penetration testing (pen-testing) and red teaming. Learn more here.
Host Geoff Hancock was joined by guests Mike Rush, Director of Threat Intelligence at Access Point Consulting; and Evie Manning, Senior Director of Threat Hunting and Intelligence at Access Point Consulting. Together, they talked about cyber threat intelligence and the applications that can make it work for small and medium-sized businesses.
