SolarWinds fixes critical developer oversight
- by nlqip
While no active exploitation has been reported yet, SolarWinds is recommending swift patching to stay ahead of adversaries. Zach Hanley, the vulnerability researcher credited with discovering the vulnerability, has promised further details.
“Reported a critical vulnerability to SolarWinds on Friday after digging into the recent CISA KEV CVE-2024-28986 for WebHelpDesk, amazed they’ve already shipped a patch 4 days later!” Hanley wrote on X. “Will release some details next month.”
Additional Fixes
Along with the fix for the WHD hardcoded credential vulnerability, the hotfix (a small, targeted software update designed to address specific vulnerabilities) also included an upgraded version of a recent hotfix addressing CVE-2024-28986, a remote code execution vulnerability with a CVSS score of 9.8 that affects the same product.