A critical vulnerability affecting a SolarWinds product is being actively exploited to remotely execute malicious code on compromised servers. A patch is available, and users are advised to apply it immediately to secure their endpoints.
It was recently reported that SolarWinds’ Web Help Desk has a Java deserialization security vulnerability, allowing threat actors to execute code and commands remotely. The vulnerability is tracked as CVE-2024-28986 and has a severity rating of 9.8 (critical).
SolarWinds’ Web Help Desk is a web-based help desk software platform designed to manage IT service requests and streamline support operations. It offers features such as ticket management, asset management, change management, and knowledge base integration. The software enables IT teams to track and resolve issues more efficiently by automating workflows, assigning tickets, and providing self-service options for end users.
Evidence of abuse
SolarWinds released a patch last Wednesday and urged its users to install it, despite no evidence of in-the-wild exploits at the time.
“Although it was reported as an unauthenticated vulnerability, SolarWinds was unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is available now,” SolarWinds said.
“WHD 12.8.3 Hotfix 1 should not be applied if SAML Single Sign-On (SSO) is being used. A new patch will be available soon to resolve this issue.” Before the fix is applied, users must upgrade their servers to 12.8.3.1813.
A few days after the announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog, meaning there is evidence of in-the-wild exploitation. As a result, all federal agencies have until September 5 to patch vulnerable servers or stop using the tool altogether.
Via BleepingComputer