SolarWinds

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.

The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization that would allow an attacker to run commands on a vulnerable host machine.

Web Help Desk (WHD) is an IT help desk software that centralizes, automates, and streamlines help desk management tasks. It is widely used by large corporations, government organizations, healthcare, education, and help desk centers.

SolarWinds notes that CVE-2024-28986  was reported as a vulnerability that could be exploited without authentication but its engineers were able to reproduce it only after authenticating.

Despite this, the vulnerability has a critical severity score of 9.8 and impacts all SolarWinds Web Help Desk versions, except the latest one, 12.8.3, if it has the hotfix applied.

The vendor recommends that all WHD customers upgrade to the newest release of the software and apply the hotfix as soon as possible.

While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

The hotfix is available here as a ZIP archive and requires Web Help Desk 12.8.3.1813. Admins have to manually add and modify specific files for the patch to work.

SolarWinds has published a support article that provides complete instructions on how to apply the hotfix as well as remove it.

SolarWinds recommends  creating backup copies of the original files before replacing them, to avoid potential trouble in the case the hotfix was not applied correctly.

Related Articles:

Palo Alto Networks warns of potential PAN-OS RCE vulnerability

SolarWinds Web Help Desk flaw is now exploited in attacks

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws

Microsoft Exchange adds warning to emails abusing spoofing flaw