
SolarWinds Urges Patch for Critical Web Help Desk Vulnerability: CISA Warning

What You Need to Know

  • SolarWinds has released a hotfix to address a critical-severity vulnerability in its Web Help Desk software.
  • The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to patch the vulnerability immediately.
  • Attackers are actively exploiting the vulnerability to gain access to unpatched systems.

SolarWinds has released a security advisory urging customers to patch a critical vulnerability in its Web Help Desk application. The vulnerability, tracked as CVE-2022-24920, could allow remote attackers to execute arbitrary code with system-level privileges on affected systems.

CISA has issued a warning about the vulnerability, stating that it is being actively exploited by attackers. The agency is urging organizations to patch their systems immediately.

The vulnerability affects SolarWinds Web Help Desk versions 12.5 and earlier. SolarWinds has released hotfix 12.5.1 to address the vulnerability.

Steps to Take:

  1. Check if you are running a vulnerable version of SolarWinds Web Help Desk.
  2. If you are running a vulnerable version, download and install the hotfix from SolarWinds.
  3. Restart your Web Help Desk application after installing the hotfix.

Additional Information:

Here are some additional details about the vulnerability:

  • The vulnerability is caused by improper deserialization of Java objects in the Web Help Desk application.
  • The vulnerability can be exploited by sending a specially crafted HTTP request to a vulnerable system.
  • Attackers can exploit the vulnerability to gain access to sensitive data, install malware, or launch other attacks.
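
For defenders reviewing captured traffic or proxy logs while the hotfix is rolled out, the following added example (not code from SolarWinds or CISA) flags HTTP request bodies that carry a serialized Java object by looking for the standard serialization stream header in raw, percent-encoded, base64 and hex form. The request records and paths are constructed placeholders, and a hit is a triage lead to investigate, not proof of exploitation.

```python
import re
from urllib.parse import unquote_to_bytes

STREAM_HEADER = b"\xac\xed\x00\x05"   # Java STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
B64_HEADER = b"rO0AB"                  # how those bytes begin when base64-encoded
HEX_HEADER = re.compile(rb"(?i)aced0005")
JAVA_CTYPE = "application/x-java-serialized-object"

def serialization_markers(content_type, body):
    """Return the reasons a request body looks like a serialized Java object."""
    reasons = []
    if JAVA_CTYPE in content_type.lower():
        reasons.append("content-type")
    # Inspect the body as sent and after one round of percent-decoding.
    for data in (body, unquote_to_bytes(body)):
        checks = (("raw", STREAM_HEADER in data),
                  ("base64", B64_HEADER in data),
                  ("hex", HEX_HEADER.search(data) is not None))
        for name, found in checks:
            if found and name not in reasons:
                reasons.append(name)
    return reasons

def triage(requests):
    """Return (path, reasons) for every request that carries a marker."""
    flagged = []
    for req in requests:
        reasons = serialization_markers(req["content_type"], req["body"])
        if reasons:
            flagged.append((req["path"], reasons))
    return flagged

# Constructed sample requests; the paths are placeholders, not Web Help Desk URLs.
SAMPLE_REQUESTS = [
    {"path": "/placeholder/login", "content_type": "application/x-www-form-urlencoded",
     "body": b"user=alice&ticket=42"},
    {"path": "/placeholder/a", "content_type": "application/x-java-serialized-object",
     "body": b"\xac\xed\x00\x05sr\x00\x11java.util.HashMap"},
    {"path": "/placeholder/b", "content_type": "application/x-www-form-urlencoded",
     "body": b"state=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA%3D%3D"},
    {"path": "/placeholder/c", "content_type": "application/x-www-form-urlencoded",
     "body": b"data=%AC%ED%00%05sr"},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REQUESTS):
        print(path, reasons)
```

The base64 check only matches when the serialized stream begins the encoded value, which is the usual case for a parameter that holds a whole object.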

For more information, please refer to the following resources:
