SolarWinds Web Help Desk Hit With Critical RCE Flaw (CVE-2024-28988, CVSS 9.8)

by do son · October 17, 2024

SolarWinds, a major provider of IT management software, has issued a security advisory addressing a severe vulnerability in its Web Help Desk (WHD) platform. The vulnerability, tracked as CVE-2024-28988, has a CVSS score of 9.8, making it a critical threat. This flaw, if exploited, could allow remote attackers to execute arbitrary commands on the host system, raising alarms across industries reliant on the platform, including government agencies, large corporations, and healthcare organizations.

The vulnerability stems from a Java Deserialization issue, which exposes the Web Help Desk software to remote code execution attacks. According to SolarWinds, this flaw could allow an unauthenticated attacker to run malicious commands on the system hosting the Web Help Desk, giving them near-unrestricted access. The discovery was made by the Trend Micro Zero Day Initiative (ZDI), which had previously identified another vulnerability in the same software.

In SolarWinds’ official advisory, the company emphasized the critical nature of CVE-2024-28988: “SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.” The company strongly advises customers to apply the patch immediately to mitigate the risk.

The vulnerability affects all versions of SolarWinds Web Help Desk prior to version 12.8.3 HF3. SolarWinds has since released the updated version to address this critical flaw. Customers running SolarWinds Web Help Desk 12.8.3 HF2 or earlier are strongly urged to update to the latest version to secure their systems.

“We recommend all Web Help Desk customers apply the patch, which is now available,” SolarWinds advises in the report.

Adding to the urgency of the situation is the fact that SolarWinds’ products have already been targeted by attackers. Recently, SolarWinds also addressed another critical vulnerability, CVE-2024-28987, which involves hardcoded credentials. The hardcoded username and password—”helpdeskIntegrationUser” and “dev-C4F8025E7″—could allow unauthorized remote attackers to access Web Help Desk endpoints, modifying or extracting sensitive data.