SolarWinds Patches: Severe Web Help Desk Vulnerability Fixed

A critical vulnerability in SolarWinds Web Help Desk has recently been disclosed. SolarWinds has released patches for it, but if exploited, it could lead to the execution of arbitrary code on certain instances.

In this article, we’ll dive into the details of the vulnerability and the SolarWinds patch, and outline safety protocols for users at risk. Let’s begin!

Initial Disclosure: Palo Alto Networks And Cortex XSOAR

Before diving into the details, it’s worth mentioning that this disclosure comes as a result of Palo Alto Networks patching a high-severity vulnerability affecting Cortex XSOAR. If exploited, this vulnerability could have given threat actors code execution and command injection capabilities.

Tracked as CVE-2024-5914 with a CVSS score of 7.0, this flaw impacts all versions of Cortex XSOAR CommonScripts before 1.12.33. Providing details on the vulnerability, the company has stated that:

“A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.”

Apart from this vulnerability, Palo Alto Networks has also addressed other moderate-severity vulnerabilities, including:

  • CVE-2024-5915 – a privilege escalation flaw with a CVSS score of 5.2 in the GlobalProtect app on Windows devices.
  • CVE-2024-5916 – an information exposure flaw with a CVSS score of 6.0 in the PAN-OS software.

SolarWinds Patches The Remote Code Execution Flaw

As per recent reports, the flaw for which SolarWinds patches have been released is a remote code execution vulnerability. It’s currently tracked as CVE-2024-28986 and has a critical severity (CVSS) score of 9.8. The Java deserialization vulnerability resides in the SolarWinds Web Help Desk software.

In an advisory, SolarWinds has stated that if the vulnerability were to be exploited, it would allow threat actors to execute commands on the host machine. An excerpt from the advisory, providing further details on the flaw, reads:

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.”

Given the severity, it’s worth mentioning that the vulnerability affects SolarWinds Web Help Desk 12.8.3 and all earlier versions. The flaw has been addressed in hotfix version 12.8.3 HF 1.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has now added CVE-2024-28986 to the Known Exploited Vulnerabilities (KEV) catalog. The addition is based on evidence of active exploitation, and federal agencies are required to apply the fixes by September 5th, 2024.

Users are also encouraged to apply the SolarWinds patches promptly, as doing so helps mitigate the risk of exploitation and improves their security posture.

Conclusion

The critical remote code execution flaw in SolarWinds Web Help Desk has raised significant security concerns. To protect against this vulnerability, users must apply the latest patches without delay. With the threat of remote code execution looming, prompt updates and the use of robust security solutions are essential for ensuring protection and lowering exposure to cyber threats.

The sources for this piece include articles in The Hacker News and Bleeping Computer.

The post SolarWinds Patches: Severe Web Help Desk Vulnerability Fixed appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/solarwinds-patches-severe-web-help-desk-vulnerability-fixed/
