CISA Warns of Active Exploitation in SolarWinds Web Help Desk Vulnerability


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of a critical security vulnerability affecting SolarWinds Web Help Desk (WHD), a widely used IT help desk product. This vulnerability, tracked as CVE-2024-28986 (CVSS 9.8), has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.

The flaw, a Java deserialization issue, could allow attackers to execute arbitrary commands on affected systems. Though initially reported as potentially exploitable without authentication, SolarWinds’ engineers were able to reproduce the issue only after authentication. However, the critical severity and evidence of active attacks emphasize the seriousness of this vulnerability.

Web Help Desk is deployed across various sectors, including large corporations, government organizations, healthcare, education, and help desk centers. This widespread adoption makes the vulnerability particularly concerning, as successful exploitation could have far-reaching consequences.

Federal Agencies on Notice

In response to the active exploitation, CISA has added CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog, a list of vulnerabilities that federal agencies are mandated to address within a specific timeframe. Federal agencies have been given a deadline of September 5, 2024, to patch their systems and mitigate the risk.

SolarWinds Issues Urgent Hotfix

SolarWinds has released a hotfix to address the vulnerability. All Web Help Desk customers are strongly advised to upgrade to the latest version (12.8.3) and apply the hotfix immediately. The hotfix requires manual installation and file modification, and SolarWinds has provided detailed instructions to guide administrators through the process.

Backup is Key

SolarWinds also recommends creating backup copies of original files before applying the hotfix, as a precautionary measure to avoid potential issues if the patch is not applied correctly.

Time is of the Essence

With active exploitation already underway, organizations cannot afford to delay patching. The potential impact of a successful attack is significant, and the window for patching before attackers reach an unpatched system is closing rapidly. Act now to protect your systems and data from this critical threat.
