Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Attackers can gain full control without authorization.
A serious vulnerability has been identified in the SolarWinds Web Help Desk that allows attackers to remotely execute arbitrary code on vulnerable systems (RCEs). Registered as CVE-2024-28988, the issue was discovered by the Zero Day Initiative (ZDI) team while analyzing a previous security issue.
The issue arises due to a deserialization vulnerability in Java, which allows attackers to run unauthorized commands on the target device. This type of vulnerability is especially dangerous because it does not require authentication to exploit it, which greatly simplifies the possibility of hacking.
The vulnerabilities affect SolarWinds Web Help Desk 12.8.3 HF2 and all previous versions. ZDI researchers discovered this issue while studying another vulnerability, which highlights the importance of regular security checks.
SolarWinds promptly released a patch to fix the problem. The patched version, SolarWinds Web Help Desk 12.8.3 HF3, is now available for download and all users are urged to install the update as soon as possible to protect their systems. The company expressed gratitude to the ZDI team for responsible disclosure and cooperation, which helped to eliminate the threat in a timely manner.
This incident highlights the ongoing risks associated with software vulnerabilities and reminds organizations to prioritize security updates. Implementing regular vulnerability checks, software updates, and tightening access controls will help minimize the risk of exploitation of similar vulnerabilities in the future.
Source
A serious vulnerability has been identified in the SolarWinds Web Help Desk that allows attackers to remotely execute arbitrary code on vulnerable systems (RCEs). Registered as CVE-2024-28988, the issue was discovered by the Zero Day Initiative (ZDI) team while analyzing a previous security issue.
The issue arises due to a deserialization vulnerability in Java, which allows attackers to run unauthorized commands on the target device. This type of vulnerability is especially dangerous because it does not require authentication to exploit it, which greatly simplifies the possibility of hacking.
The vulnerabilities affect SolarWinds Web Help Desk 12.8.3 HF2 and all previous versions. ZDI researchers discovered this issue while studying another vulnerability, which highlights the importance of regular security checks.
SolarWinds promptly released a patch to fix the problem. The patched version, SolarWinds Web Help Desk 12.8.3 HF3, is now available for download and all users are urged to install the update as soon as possible to protect their systems. The company expressed gratitude to the ZDI team for responsible disclosure and cooperation, which helped to eliminate the threat in a timely manner.
This incident highlights the ongoing risks associated with software vulnerabilities and reminds organizations to prioritize security updates. Implementing regular vulnerability checks, software updates, and tightening access controls will help minimize the risk of exploitation of similar vulnerabilities in the future.
Source
