Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.

SolarWinds zero-day

The US cybersecurity agency CISA on Thursday warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks.

The bug, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization remote code execution (RCE) issue that could allow attackers to run commands on the host machine.

This week, SolarWinds announced a hotfix that addresses the vulnerability, noting that authentication is required for successful exploitation, but without mentioning its in-the-wild exploitation.

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing,” the company said in its advisory.

However, SolarWinds did recommend that all customers apply the available patch, which is compatible with Web Help Desk version 12.8.3.1813 only, urging users of previous iterations to upgrade as soon as possible. The flaw impacts versions 12.4 to 12.8 of the helpdesk solution.

The company has since updated its advisory to warn that the hotfix should not be applied to Web Help Desk installations if SAML Single Sign-On (SSO) is utilized.

On Thursday, roughly two days after SolarWinds announced the hotfix, CISA added CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog, “based on evidence of active exploitation”.

While the agency did not provide details on the observed exploitation, the short window between public disclosure and the addition to KEV suggests that the vulnerability might have been exploited as a zero-day, security researchers speculate.

Advertisement. Scroll to continue reading.

Furthermore, they suggest that satellite communications companies Inmarsat and Viasat (which are mentioned in SolarWinds’ advisory) or one of their customers, might have been compromised through this bug.

As the Binding Operational Directive (BOD) 22-01 mandates, with CVE-2024-28986 added to KEV, federal agencies have until September 5 to identify and patch vulnerable SolarWinds Web Help Desk instances in their environments.

While BOD 22-01 only applies to federal agencies, all organizations are advised to review SolarWinds’ advisory and apply the necessary mitigations as soon as possible.

Related: SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

Related: Google Patches Android Zero-Day Exploited in Targeted Attacks

Related: Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks

Related: Windows Event Log Vulnerabilities Could Be Exploited to Blind Security Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights