HomeCyber SecuritySolarWinds Releases Patch for Crucial Flaw in Net Assist Desk Software program – Cyber Tech

SolarWinds Releases Patch for Crucial Flaw in Net Assist Desk Software program – Cyber Tech

August 15, 2024

Aug 15, 2024Ravie LakshmananEnterprise Safety / Vulnerability

SolarWinds has launched patches to handle a crucial safety vulnerability in its Net Assist Desk software program that might be exploited to execute arbitrary code on inclined situations.

The flaw, tracked as CVE-2024-28986 (CVSS rating: 9.8), has been described as a deserialization bug.

“SolarWinds Net Assist Desk was discovered to be inclined to a Java deserialization distant code execution vulnerability that, if exploited, would enable an attacker to run instructions on the host machine,” the corporate stated in an advisory.

“Whereas it was reported as an unauthenticated vulnerability, SolarWinds has been unable to breed it with out authentication after thorough testing.”

The flaw impacts all variations of SolarWinds Net Assist Desk together with and previous to 12.8.3. It has been addressed in hotfix model 12.8.3 HF 1.

Cybersecurity

The disclosure comes as Palo Alto Networks patched a high-severity vulnerability affecting Cortex XSOAR that would lead to command injection and code execution.

Assigned the CVE identifier CVE-2024-5914 (CVSS rating: 7.0), the shortcoming impacts all variations of Cortex XSOAR CommonScripts earlier than 1.12.33.

“A command injection challenge in Palo Alto Networks Cortex XSOAR CommonScripts Pack permits an unauthenticated attacker to execute arbitrary instructions inside the context of an integration container,” the corporate stated.

“To be uncovered, an integration should make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.”

Additionally addressed by Palo Alto Networks are two moderate-severity points listed under –

  • CVE-2024-5915 (CVSS rating: 5.2) – A privilege escalation (PE) vulnerability within the GlobalProtect app on Home windows gadgets that permits a neighborhood consumer to execute packages with elevated privileges
  • CVE-2024-5916 (CVSS rating: 6.0) – An info publicity vulnerability in PAN-OS software program that permits a neighborhood system administrator to entry secrets and techniques, passwords, and tokens of exterior methods

Customers are beneficial to replace to the most recent model to mitigate potential dangers. As a precautionary measure, it is also suggested to revoke the secrets and techniques, passwords, and tokens which might be configured in PAN-OS firewalls after the improve.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.

Related Posts

About The Author

admin

Azeem Rajpoot, the author behind This Blog, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology. With a background in Blogging, Azeem Rajpoot brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions. Follow Azeem on this exciting tech journey to stay updated and inspired.

Add a Comment

Your email address will not be published. Required fields are marked *

x