SolarWinds has launched patches to handle a vital safety vulnerability in its Internet Assist Desk software program that may very well be exploited to execute arbitrary code on prone cases.
The flaw, tracked as CVE-2024-28986 (CVSS rating: 9.8), has been described as a deserialization bug.
“SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine,” the corporate mentioned in an advisory.
“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.”
The flaw impacts all variations of SolarWinds Internet Assist Desk together with and previous to 12.8.3. It has been addressed in hotfix model 12.8.3 HF 1.
The disclosure comes as Palo Alto Networks patched a high-severity vulnerability affecting Cortex XSOAR that would end in command injection and code execution.
Assigned the CVE identifier CVE-2024-5914 (CVSS rating: 7.0), the shortcoming impacts all variations of Cortex XSOAR CommonScripts earlier than 1.12.33.
“A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container,” the corporate mentioned.
“To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.”
Additionally addressed by Palo Alto Networks are two moderate-severity points listed beneath –
- CVE-2024-5915 (CVSS rating: 5.2) – A privilege escalation (PE) vulnerability within the GlobalProtect app on Home windows units that allows an area person to execute packages with elevated privileges
- CVE-2024-5916 (CVSS rating: 6.0) – An data publicity vulnerability in PAN-OS software program that allows an area system administrator to entry secrets and techniques, passwords, and tokens of exterior programs
Customers are really useful to replace to the most recent model to mitigate potential dangers. As a precautionary measure, it is also suggested to revoke the secrets and techniques, passwords, and tokens which might be configured in PAN-OS firewalls after the improve.
