CISA Warning: SolarWinds’ RCE Vulnerability Being Exploited

Concerns have been raised by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) over the potential exploitation of a serious vulnerability in SolarWinds’ Web Help Desk solution that was just patched. Large enterprises, government agencies, and organizations in the healthcare and education sectors frequently utilize this software to manage help desk tasks.

A hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability impacting the Web Help Desk (WHD), was made available by SolarWinds on August 13, 2024. WHD is a popular IT service management tool used for tracking and managing support issues in a variety of sectors. A Java deserialization bug is the source of this vulnerability, which could allow a remote attacker to run arbitrary code on vulnerable devices.

Although the vulnerability was first discovered by SolarWinds as an unauthenticated issue, the company claimed that throughout testing, they were unable to replicate it.

Additionally, the company stated that if SAML Single Sign-On (SSO) is being used, the hotfix should not be applied. The issue will soon have a new fix available. Administrators should upgrade vulnerable servers to Web Help Desk 12.8.3.1813 before applying the hotfix, according to a support post released by SolarWinds that includes comprehensive instructions on how to do so. To prevent potential problems if the hotfix deployment fails or is not deployed successfully, it was also advised to make backups of the original files before replacing them during the installation process.

Following the Binding Operational Directive (BOD), CISA added CVE-2024-28986 to its list of known exploited vulnerabilities (KEVs), requiring federal agencies to patch their WHD servers by September 5 at the latest.