Mitigation Instructions for CVE-2024-28987
Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk
CyRisk Vulnerability Management Team : Feb 26, 2024 10:43:05 AM
SUBJECT: Mitigating CVE-2022-1292: Command Injection in OpenSSL c_rehash Script
TECH STACK: OpenSSL
DATE(S) ISSUED: 05/03/2022
NVD Last Modified: 11/06/2023
CRITICALITY: CRITICAL 9.8
OVERVIEW:
This document outlines the steps to mitigate the vulnerability (CVE-2022-1292) in the OpenSSL c_rehash script. This script, used on some operating systems, is susceptible to command injection due to improper sanitization of shell metacharacters. An attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script.
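A defensive check related to the overview above, as an added example that is not part of the original advisory: it lists entries in a certificate directory whose names contain shell metacharacters, so they can be reviewed before any rehash tooling runs over them. It assumes the untrusted input reaches the script as file names in the directory it processes; `/etc/ssl/certs`, the function names, and the sample file names are assumptions or constructed values.

```python
import os
import re
import tempfile

# Characters a POSIX shell interprets when a name is pasted into a command string.
SHELL_META = re.compile(r"""[`$;&|<>(){}\\"'*?!\[\]~#\s]""")


def risky_names(directory):
    """Return the sorted entry names in `directory` that contain shell metacharacters."""
    with os.scandir(directory) as entries:
        return sorted(e.name for e in entries if SHELL_META.search(e.name))


def audit(directories):
    """Map each readable directory to its risky names; skip missing or unreadable ones."""
    report = {}
    for directory in directories:
        try:
            hits = risky_names(directory)
        except OSError:
            continue  # not present or not readable on this host
        if hits:
            report[directory] = hits
    return report


def demo():
    """Run the check on a constructed directory (sample names, not real findings)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca-bundle.pem", "internal root.crt", "a`b`.pem", "x$(y).crt"):
            open(os.path.join(d, name), "w").close()
        return risky_names(d)


if __name__ == "__main__":
    # /etc/ssl/certs is an assumed location; pass the directories your hosts rehash.
    for directory, names in audit(["/etc/ssl/certs"]).items():
        for name in names:
            print(f"{directory}: {name!r}")
```

The match is deliberately conservative: names with spaces are flagged too, since they also break unquoted shell interpolation.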
SOLUTION/MITIGATION:
Additional mitigation steps:
Confirmation & Additional Information:
REFERENCES: