A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.
The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization flaw that could allow an attacker to run commands on a vulnerable host machine.
Web Help Desk (WHD) is IT help desk software that centralizes, automates, and streamlines help desk management tasks. It's widely used by large corporations, government organizations, healthcare, education, and help desk centers.
SolarWinds notes that CVE-2024-28986 was reported as a vulnerability that could be exploited without authentication, but its engineers were able to reproduce it only after authenticating.
Despite this, the vulnerability has a critical severity score of 9.8 and affects all SolarWinds Web Help Desk versions, except the latest one, 12.8.3, if it has the hotfix applied.
The vendor recommends that all WHD customers upgrade to the most recent release of the software and apply the hotfix as soon as possible.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
The hotfix is available as a ZIP archive and requires Web Help Desk 12.8.3.1813. Admins must manually add and modify specific files for the patch to work.
SolarWinds has published a support article that provides full instructions on how to apply the hotfix as well as remove it.
SolarWinds recommends creating backup copies of the original files before replacing them, to avoid potential trouble in case the hotfix was not applied correctly.