SolarWinds fixes critical developer oversight
- by nlqip
While no active exploitation has been reported yet, SolarWinds is recommending swift patching to stay ahead of the adversaries. Zach Hanley, the vulnerability researcher credited for the discovery of the vulnerability has promised further details.
“Reported a critical vulnerability to SolarWinds on Friday after digging into the recent CISA KEV CVE-2024-28986 for WebHelpDesk, amazed they’ve already shipped a patch 4 days later!” Hanley wrote on X. “Will release some details next month.”
Additional Fixes
Along with the fix for the WHD hardcoded credential vulnerability, the hotfix, which refers to a small, targeted software update designed to address specific vulnerabilities, also included an upgraded version of a recent hotfix addressing CVE-2024-28986, a 9.8 CVSS, remote code execution vulnerability affecting the same product.
Source link
lol
While no active exploitation has been reported yet, SolarWinds is recommending swift patching to stay ahead of the adversaries. Zach Hanley, the vulnerability researcher credited for the discovery of the vulnerability has promised further details. “Reported a critical vulnerability to SolarWinds on Friday after digging into the recent CISA KEV CVE-2024-28986 for WebHelpDesk, amazed they’ve…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA