Critical SolarWinds Web Help Desk Vulnerability Under Active Exploitation
A critical vulnerability in SolarWinds Web Help Desk is being actively exploited by threat actors. Web Health Desk is a widely used application to help with IT management and help desk ticketing, and is extensively used by businesses of all sizes, including healthcare organizations.
The vulnerability affects Web Help Desk versions 12.8.3 and earlier, and is tracked as CVE-2024-28986. SolarWinds said the issue is a Java deserialization vulnerability that can potentially be exploited by an unauthenticated remote attacker to execute arbitrary commands on a host machine. The vulnerability has been assigned a CVSS severity score of 9.8 out of 10.
While the vulnerability was reported as an unauthenticated flaw, SolarWinds has conducted extensive testing and has not been able to exploit the flaw without prior authentication. SolarWinds issued a hotfix on Wednesday, and users are strongly advised to apply the hotfix to prevent exploitation, especially now that the vulnerability is being targeted by threat actors.
SolarWinds has released instructions for applying the hotfix, which includes first upgrading to Web Help Desk 12.8.3.1813 before applying the hotfix. SolarWinds said WHD 121.8.3 Hotfix 1 should not be applied if SAML Single Sign-On (SSO) is utilized. For those users, a new patch will be issued shortly to fix the issue.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerability (KEV) Catalog, although it is currently unclear which groups have been targeting the flaw and how widely the vulnerability is being exploited.
