CISA Warns Of SolarWinds Java Exploit

'These types of vulnerabilities are frequent attack vectors,' CISA says in a post online.

A government agency is warning about threat actors exploiting a Java deserialization remote code execution vulnerability in SolarWinds Web Help Desk.

The U.S. Cybersecurity and Infrastructure Security Agency has added the vulnerability, tracked as CVE-2024-28986, to its Known Exploited Vulnerabilities Catalog, according to an online post by CISA.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” according to the post.


SolarWinds Exploit

CRN has reached out to Austin, Texas-based SolarWinds – a CRN 2024 Channel Chiefs member with about 1,600 channel partners worldwide – and CISA for comment.

Threat actors can use the exploit “to run commands on the host machine,” according to CISA.

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing,” according to the agency.

SolarWinds first published an online note about the vulnerability on Tuesday.

In an online post, SolarWinds said that “out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available,” even though it can’t reproduce the exploit without authentication.

Other recent CISA warnings have covered a threat actor campaign targeting users of Snowflake, a VMware ESXi vulnerability and a Microsoft Windows privilege escalation vulnerability.