SolarWinds Addresses Critical Vulnerability in Web Help Desk Software

August 22, 2024

SolarWinds, a major provider of IT management products to over 300,000 customers globally, has patched a critical vulnerability in its Web Help Desk (WHD) software. WHD is widely used IT help desk software that government agencies, large corporations, and healthcare and education organizations rely on to automate and streamline help desk management tasks.

The security flaw, identified as CVE-2024-28987, was discovered by Zach Hanley, a vulnerability researcher at Horizon3.ai. This vulnerability could allow unauthenticated attackers to access internal functions and alter data on targeted devices if successfully exploited. Despite the release of a hotfix, SolarWinds has not yet published a security advisory for this WHD vulnerability on its Trust Center. It also remains unclear whether CVE-2024-28987 was exploited in the wild prior to the release of Web Help Desk 12.8.3 Hotfix 2.

To address the vulnerability, SolarWinds has provided detailed instructions on how to install and remove the hotfix. The company warns system administrators to upgrade vulnerable servers to Web Help Desk 12.8.3.1813 or 12.8.3 HF1 before deploying the hotfix. It also advises creating backups of all original files before replacing them during the hotfix installation process to avoid potential problems if the hotfix fails or is not correctly applied.

The hotfix also includes a fix for another critical WHD remote code execution vulnerability, CVE-2024-28986, which was addressed with a separate hotfix on August 14. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has ordered federal agencies to patch all WHD servers on their networks by September 5, as required by Binding Operational Directive (BOD) 22-01. CISA warned that, 'These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.'

Earlier in the year, SolarWinds patched over a dozen critical remote code execution (RCE) flaws in its Access Rights Manager (ARM) software (five in February and eight in July). In June, cybersecurity firm GreyNoise also warned that threat actors were exploiting a SolarWinds Serv-U path-traversal vulnerability shortly after SolarWinds released a hotfix.
