SolarWinds has issued patches to mitigate a severe security vulnerability in its Web Help Desk software that could allow attackers to execute arbitrary code on affected systems. The vulnerability, identified as CVE-2024-28986 with a CVSS score of 9.8, is characterized as a deserialization issue.
The company, in its advisory, indicated that this vulnerability permits remote code execution through Java deserialization. An attacker exploiting this flaw could manipulate the software to execute commands on the underlying host machine. Although the vulnerability was initially reported to be unauthenticated, SolarWinds has stated it could not reproduce the issue without authentication after extensive testing.
This security flaw affects all versions of SolarWinds Web Help Desk up to and including version 12.8.3 and has been addressed in the recent hotfix, version 12.8.3 HF 1. Business owners using vulnerable versions are strongly advised to update their software immediately to avoid potential exploitation.
The disclosure about SolarWinds follows shortly after Palo Alto Networks addressed a significant security vulnerability impacting its Cortex XSOAR platform. The vulnerability, tracked as CVE-2024-5914 with a CVSS score of 7.0, also allows for command injection and code execution, affecting all versions of Cortex XSOAR CommonScripts prior to 1.12.33.
The risk centered on a command injection flaw that allows unauthorized attackers to execute arbitrary commands within an integration container. For exploitation, the respective integration must utilize the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
Palo Alto Networks has also released fixes for two moderate-severity vulnerabilities. The first, CVE-2024-5915, pertains to a privilege escalation issue in the GlobalProtect app for Windows devices, enabling local users to run programs with elevated privileges. The second, CVE-2024-5916, involves an information exposure vulnerability in PAN-OS software, which allows local system administrators to access sensitive secrets, passwords, and tokens from external systems.
To mitigate potential risks, users of the affected products should upgrade to the latest versions as soon as possible. Additionally, users are advised to revoke any secrets, passwords, and tokens stored in PAN-OS firewalls following the upgrades. These vulnerabilities underscore the critical need for businesses to stay informed about cybersecurity risks.
Update
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-28986 to its catalog of Known Exploited Vulnerabilities (KEV), indicating evidence of active exploitation in the wild. Federal agencies must apply the necessary patches by September 5, 2024, to secure their systems.
