CISA Warns Of Active Exploitation Of SolarWinds Web Help Desk Vulnerability

US CISA warns users about possible exploitation of a SolarWinds Web Help Desk vulnerability. Exploiting the flaw allows an adversary to execute arbitrary codes on the target system.

SolarWinds Help Desk Vulnerability Actively Exploited – Warns CISA

Reportedly, a serious security vulnerability affected SolarWinds Web Help Desk, which exposed vulnerable systems to code execution attacks.

Identified as CVE-2024-28986, the vulnerability is a “Java deserialization,” allowing an unauthenticated attacker to execute arbitrary commands on the target system.

The vulnerability has received a critical severity rating and a CVSS score of 9.8.

Given its severity, the US CISA recently added this flaw to its Known Exploited Vulnerabilities Catalog, urging users to patch their systems according to the vendors’ instructions. Although CISA’s update doesn’t mention any known exploitation campaigns for this flaw, security researchers speculate that the vulnerability may have been under active attack in the wild as a zero-day.

SolarWinds Already Issued A Hotfix

While the vulnerability supposedly allows attacks from unauthenticated adversaries, SolarWinds claims otherwise. According to its advisory, the firm could not reproduce the exploit without authentication, which suggests that the vulnerability may not be as severe as believed.

While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.

Nonetheless, the firm still addressed the flaw with a hotfix, urging users to update their systems immediately.

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

To install the hotfix, SolarWinds recommends users first upgrade their systems to Web Help Desk 12.8.3.

Moreover, the firm advises users to deploy the hotfix only to systems with public-facing WHD deployments. For other cases where the WHD deployment isn’t on a public-facing server, SolarWinds suggests users wait for the next hotfix.

Besides, SolarWinds also recommends users not deploy the hotfix where SAML Single Sign-On (SSO) is in use.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients