SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.
The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization that would allow an attacker to run commands on a vulnerable host machine.
Web Help Desk (WHD) is an IT help desk software that centralizes, automates, and streamlines help desk management tasks. It is widely used by large corporations, government organizations, healthcare, education, and help desk centers.
SolarWinds notes that CVE-2024-28986 was reported as a vulnerability that could be exploited without authentication but its engineers were able to reproduce it only after authenticating.
Despite this, the vulnerability has a critical severity score of 9.8 and impacts all SolarWinds Web Help Desk versions, except the latest one, 12.8.3, if it has the hotfix applied.
The vendor recommends that all WHD customers upgrade to the newest release of the software and apply the hotfix as soon as possible.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
The hotfix is available here as a ZIP archive and requires Web Help Desk 12.8.3.1813. Admins have to manually add and modify specific files for the patch to work.
SolarWinds has published a support article that provides complete instructions on how to apply the hotfix as well as remove it.
SolarWinds recommends creating backup copies of the original files before replacing them, to avoid potential trouble in the case the hotfix was not applied correctly.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024