SolarWinds released a hotfix on 8/9/2024 to address a critical Java deserialization vulnerability (CVE-2024-28986) in its Web Help Desk platform, which has a CVSS score of 9.8 [4] [6].
Description
This vulnerability, identified as ID 205618, could allow attackers to execute commands on the host machine [6] [7]. The flaw impacts all versions of Web Help Desk up to 12.8.3 [4], and SolarWinds has fixed it in hotfix version 12.8.3 HF 1. CISA has set a deadline of 9/5/2024 for addressing this known exploited vulnerability [3]. Although SolarWinds has not been able to replicate the vulnerability without authentication [1] [2] [6], it stresses the importance of immediate patching.
The developers recommend installing the latest version of WHD to mitigate this risk [5]. Customers are advised to upgrade to version 12.8.3 and apply the provided hotfix immediately. Web Help Desk should also be installed on a server protected from unauthorized access to prevent exploitation of the flaw. SolarWinds has provided detailed instructions for upgrading [6], installing the hotfix [5] [6], and backing up files before applying the patch. The patch is now available for download [2].
Conclusion
Customers are urged to take immediate action to upgrade to version 12.8.3 and apply the hotfix to protect against potential exploitation. It is crucial to follow the provided instructions carefully to ensure the security of the Web Help Desk platform. Failure to address this vulnerability could result in unauthorized access and potential harm to the host machine.
References
[1] https://www.scmagazine.com/brief/critical-solarwinds-web-help-desk-flaw-addressed
[2] https://www.tenable.com/cve/CVE-2024-28986
[3] https://www.tenable.com/plugins/nessus/205618
[4] https://thehackernews.com/2024/08/solarwinds-releases-patch-for-critical.html
[5] https://www.heise.de/en/news/Solwarwind-s-Web-Help-Desk-Malicious-code-can-infect-host-system-9836308.html
[6] https://www.infosecurity-magazine.com/news/solarwinds-upgrade-critical-rce-bug/
[7] https://www.helpnetsecurity.com/2024/08/15/cve-2024-28986/