Critical SolarWinds Web Help Desk Flaw Actively Exploited
CVE-2024-28986: Remote Code Execution Vulnerability Impacts SolarWinds Customers
Patch Released for Immediate Installation
On August 14, 2024, SolarWinds disclosed a critical security vulnerability, CVE-2024-28986, in its Web Help Desk software. The vulnerability, a remote code execution (RCE) flaw, allows attackers to execute code remotely on affected systems.
SolarWinds issued an urgent security advisory on August 13, 2024, urging customers to patch the vulnerability immediately. According to SolarWinds, the vulnerability affects all versions of Web Help Desk prior to version 12.3.
The Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that attackers are actively exploiting the vulnerability. CISA recommends that organizations patch their systems immediately to mitigate the risk of exploitation.
How to Patch the Vulnerability
SolarWinds has released a hotfix to address the vulnerability. The hotfix is available for download from the SolarWinds website.
To patch the vulnerability, follow these steps:
- Download the hotfix from the SolarWinds website.
- Install the hotfix on all affected systems.
- Restart the Web Help Desk service.
Additional Information
For more information on the vulnerability, please refer to the following resources:
Comments