CyRisk Vulnerability Management Team : Feb 23, 2024 4:42:36 PM
SUBJECT: Critical RCE Vulnerability (CVE-2023-6548) in Citrix NetScaler ADC & Gateway - Immediate Update Required
TECH STACK: Citrix NetScaler ADC and NetScaler Gateway versions 12.1 through 14.1 (excluding 12.1-55.302 and 13.1-37.176)
DATE(S) ISSUED: 01/17/2024
NVD Last Modified: 01/25/2024
CRITICALITY: HIGH (Base Score 8.8)
OVERVIEW:
A critical remote code execution (RCE) vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway due to improper control of code generation (code injection). It allows an authenticated attacker with access to the NSIP, CLIP, or SNIP with management interface access to execute arbitrary code on the affected device. This vulnerability is actively exploited in the wild and poses a significant risk to organizations running vulnerable versions.
SOLUTION/MITIGATION:
Additional mitigation steps:
Confirmation & Additional Information:
REFERENCES: