While no active exploitation has been reported yet, SolarWinds recommends patching quickly to stay ahead of adversaries. Zach Hanley, a vulnerability researcher credited with discovering the vulnerability, promised more details.
“A serious vulnerability was reported to SolarWinds on Friday after digging into the latest CISA KEV CVE-2024-28986 for WebHelpDesk, they are surprised that they already sent a patch 4 days later!” Hanley wrote on X. “It will release some details next month.”
Additional Fixes
Along with fixing the WHD hard-coded authentication vulnerability, the hotfix (a small, targeted software update designed to address a specific vulnerability) also included an improved version of the latest hotfix that addresses CVE-2024-28986, a CVSS 9.8 remote code execution vulnerability affecting the same product.