SolarWinds Addresses Critical Vulnerability in Web Help Desk Software
August 22, 2024
SolarWinds, a major provider of IT management products to over 300,000 customers globally, has patched a critical vulnerability in its Web Help Desk (WHD) software. WHD is widely used IT help desk software that government agencies, large corporations, and organizations in healthcare and education rely on to automate and streamline help desk management tasks.
The security flaw, identified as CVE-2024-28987, was discovered by Zach Hanley, a vulnerability researcher at Horizon3.ai. This vulnerability could allow unauthenticated attackers to access internal functions and alter data on targeted devices if successfully exploited. Despite the release of a hotfix, SolarWinds has not yet published a security advisory for this WHD vulnerability on its Trust Center. It also remains unclear whether CVE-2024-28987 was exploited in the wild prior to the release of Web Help Desk 12.8.3 Hotfix 2.
To address the vulnerability, SolarWinds has provided detailed instructions on how to install and remove the hotfix. The company warns system administrators to upgrade vulnerable servers to Web Help Desk 12.8.3.1813 or 12.8.3 HF1 before deploying the hotfix. It also advises creating backups of all original files before replacing them during the hotfix installation process to avoid potential problems if the hotfix fails or is not correctly applied.
The hotfix also includes a fix for another critical WHD remote code execution vulnerability, CVE-2024-28986, which was addressed with a separate hotfix on August 14. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog and has ordered federal agencies to patch all WHD servers on their networks by September 5, as required by Binding Operational Directive (BOD) 22-01. CISA warned, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."
Earlier in the year, SolarWinds patched over a dozen critical remote code execution (RCE) flaws in its Access Rights Manager (ARM) software: five in February and eight in July. In June, cybersecurity firm GreyNoise also warned that threat actors were exploiting a SolarWinds Serv-U path-traversal vulnerability shortly after SolarWinds released a hotfix.