On 13 August 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialisation flaw, which could enable a remote attacker to execute arbitrary code on vulnerable hosts.
While the vulnerability was initially reported to SolarWinds as an unauthenticated issue, the company stated they were unable to reproduce it without authentication during testing.
Arctic Wolf has not observed any instances of this vulnerability being exploited in the wild, nor are there any known Proof of Concept (PoC) exploits published. Although WHD has not previously been directly targeted for specific vulnerabilities, SolarWinds has been a target of threat actors in the past. For example, in 2020, . Given the potential for RCE with this vulnerability, it may attract the attention of threat actors in the near future.
Recommendation for CVE-2024-28986
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version and apply the hotfix.
| Product | Affected Version | Fixed Version |
| SolarWinds Web Help Desk | All versions prior to 12.8.3 | 12.8.3 w/ hotfix |
- Instructions for applying the hotfix can be found in the .
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
References
Stay up to date with the?latest security incidents and trends?from Arctic Wolf Labs.?
Explore the latest global threats with the?2024 Arctic Wolf Labs Threats Report.?
