BleepingComputer reports that organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing intrusions targeting SolarWinds Web Help Desk instances vulnerable to the critical Java deserialization flaw, tracked as CVE-2024-28986, which could be leveraged to facilitate remote code execution.
In-the-wild exploitation of the vulnerability should prompt federal agencies to apply remediations by Sep. 5, according to the CISA advisory. Such a warning comes a day after a hotfix was released by SolarWinds, which has not yet reported active targeting of the security issue at the time. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," noted SolarWinds, which committed to providing an updated patch to address the bug soon. SolarWinds has been reported to have fixed 13 RCE flaws impacting its Access Rights Manager software so far this year.
