CVE-2024-28986 (CVSS 9.8): SolarWinds Web Help Desk Users Must Patch Now!
SolarWinds has released an urgent security advisory regarding a critical vulnerability in its Web Help Desk software. The vulnerability, designated CVE-2024-28986, is a Java deserialization flaw that leads to remote code execution, allowing an attacker to run arbitrary commands on the affected host. It carries a CVSS score of 9.8, underscoring its severity and the urgent need for remediation.
Although initially reported as unauthenticated, SolarWinds’ subsequent testing indicated successful exploitation requires authentication. Nonetheless, in light of the potential impact, the company strongly recommends all Web Help Desk customers apply the available patch without delay.
Affected Versions and Resolution
All versions of SolarWinds Web Help Desk prior to 12.8.3 HF 1 are susceptible to this vulnerability. The recommended course of action is to upgrade immediately to version 12.8.3 HF 1. This update includes critical security enhancements and addresses the identified vulnerability. Additionally, a manual configuration file modification is required as part of the remediation process.
This hotfix adds or modifies the following files:
- It adds the following file to the <WebHelpDesk>\bin\tomcat\lib directory:
  whd-security.jar
- It modifies the following jar files in the <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib/ directory:
  whd-core.jar
  whd-web.jar
- The following file in the <WebHelpDesk>/conf/ directory must be manually modified, as described in SolarWinds' hotfix installation procedure:
  tomcat_server_template.xml
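The hotfix inventory above lends itself to a post-patch check. The following Python is an added example, not code from SolarWinds or from the advisory: it compares an operator-supplied version string against 12.8.3 HF 1 and looks for the hotfix files under an install root. The file paths are the ones listed in the advisory; the accepted version-string format ("12.8.3 HF 1", "12.8.3 Hotfix 2") and the throwaway sample directory tree the script builds are assumptions made for illustration.

```python
"""Added verification helper (not from the SolarWinds advisory): decide whether a
Web Help Desk install still needs the CVE-2024-28986 fix, and confirm the hotfix
artefacts listed in the advisory are in place."""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# First fixed build named in the advisory: 12.8.3 HF 1, as (major, minor, patch, hotfix).
FIXED_VERSION = (12, 8, 3, 1)

# Files the hotfix adds or modifies, relative to the <WebHelpDesk> install root.
# whd-security.jar is NEW in HF 1, so its presence is the useful marker; the two
# WEB-INF jars and the Tomcat template exist on unpatched installs as well.
HOTFIX_MARKER = Path("bin/tomcat/lib/whd-security.jar")
HOTFIX_TOUCHED = (
    Path("bin/webapps/helpdesk/WEB-INF/lib/whd-core.jar"),
    Path("bin/webapps/helpdesk/WEB-INF/lib/whd-web.jar"),
    Path("conf/tomcat_server_template.xml"),
)

# Assumed display format: "12.8.3", "12.8.3 HF 1", "12.8.3HF1", "12.8.3 Hotfix 2".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*(?:HF|Hotfix)\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Parse a WHD version string into a tuple that compares correctly."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Web Help Desk version string: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_vulnerable(version: str) -> bool:
    """True for every build before 12.8.3 HF 1 (the advisory's affected range)."""
    return parse_version(version) < FIXED_VERSION


def missing_hotfix_files(install_root: str | os.PathLike[str]) -> list[str]:
    """Return hotfix-related files absent under install_root, as POSIX-style paths.

    An empty list means the hotfix jar was unpacked and the touched files exist.
    It does NOT prove the manual tomcat_server_template.xml edit was made; that
    has to be checked against SolarWinds' own procedure.
    """
    root = Path(install_root)
    expected = (HOTFIX_MARKER, *HOTFIX_TOUCHED)
    return [p.as_posix() for p in expected if not (root / p).is_file()]


def make_sample_install(patched: bool) -> str:
    """Construct a throwaway directory tree shaped like a WHD install (sample data,
    only the paths named in the advisory). Returns the root path."""
    root = Path(tempfile.mkdtemp(prefix="whd-sample-"))
    for rel in HOTFIX_TOUCHED:
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(b"placeholder")
    if patched:
        (root / HOTFIX_MARKER).parent.mkdir(parents=True, exist_ok=True)
        (root / HOTFIX_MARKER).write_bytes(b"placeholder")
    return str(root)


if __name__ == "__main__":
    for v in ("12.8.2", "12.8.3", "12.8.3 HF 1", "12.8.3 Hotfix 2"):
        print(f"{v:>16}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
    for patched in (False, True):
        root = make_sample_install(patched)
        print(f"patched={patched}: missing {missing_hotfix_files(root)}")
```

Point `missing_hotfix_files` at the real <WebHelpDesk> directory rather than the sample tree. Only whd-security.jar is a genuine indicator that HF 1 was unpacked; whd-core.jar and whd-web.jar are present on every install and the script cannot tell a replaced jar from the original, nor can it confirm the manual edit to tomcat_server_template.xml, which must be verified by hand.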
Immediate Action Required
Given the severity of CVE-2024-28986 and its potential for exploitation, it is imperative for organizations utilizing SolarWinds Web Help Desk to prioritize patching and configuration changes immediately. Failure to do so could result in unauthorized access, data breaches, and significant disruption to IT operations.