DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
Field | Value |
---|---|
Our reference | DIVD-2024-00042 |
Case lead | Alwin Warringa |
Researcher(s) | |
CVE(s) | CVE-2024-28986, CVE-2024-28987, CVE-2024-28988 |
Products | Solarwinds Web Help Desk |
Versions | Versions prior to 12.8.3 HF3 |
Recommendation | Update to version 12.8.3 HF3 |
Patch status | Patch available |
Workaround | None |
Status | Closed |
Last modified | 20 Nov 2024 20:37 CET |
Summary
Solarwinds has disclosed three critical security vulnerabilities in Web Help Desk affecting versions released prior to 12.8.3 HF3. CVE-2024-28987 is a hardcoded credential vulnerability that allows a remote, unauthenticated attacker to access internal functionality and modify data. CVE-2024-28986 and CVE-2024-28988 are Java deserialization vulnerabilities that, if exploited, allow an attacker to execute commands on the host machine (remote code execution).
Recommendations
To remediate CVE-2024-28986, CVE-2024-28987 and CVE-2024-28988, update to version 12.8.3 HF3. A link to the Solarwinds Web Help Desk security bulletin can be found at the bottom of this post. Note that applying the hotfix requires some manual steps, which are explained in the security bulletin; a host is not fully remediated until those steps have been completed.
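The practical question for anyone triaging an estate against this advisory is whether a given Web Help Desk install sorts below 12.8.3 HF3. Hotfix tags make that a little more than a plain string comparison: "12.8.3" (no hotfix) is older than "12.8.3 HF1", and "12.8.4" is newer than any "12.8.3 HFn". The helper below is an added example written for this page; it is not DIVD's scanner, not Solarwinds' code, and does not reproduce the fingerprint DIVD used. It assumes the version is reported as "major.minor.patch" optionally followed by an "HFn" tag, and the host names and version strings in SAMPLE_OBSERVATIONS are constructed for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed version named in the recommendation above.
FIXED_VERSION = "12.8.3 HF3"

# Accepts "12.8.3", "12.8.3 HF2", "12.8.3-HF2" and "12.8.3hf2". The patch
# component and the hotfix tag are optional. Assumed format: Web Help Desk
# reports "major.minor.patch" followed by an "HFn" hotfix tag.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:[- ]?HF\s*(\d+))?\s*$",
    re.IGNORECASE,
)

Version = Tuple[int, int, int, int]  # (major, minor, patch, hotfix)


def parse_whd_version(text: str) -> Optional[Version]:
    """Parse a Web Help Desk version string into a comparable tuple.

    A base release without a hotfix tag is treated as hotfix 0, so
    "12.8.3" < "12.8.3 HF1" < "12.8.3 HF3" < "12.8.4". Returns None when the
    string does not look like a version at all, rather than guessing.
    """
    match = _VERSION_RE.match(text)
    if match is None:
        return None
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch or 0), int(hotfix or 0))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if `version` sorts below the fixed release, False if at or above it,
    None if `version` could not be parsed (unknown is not the same as safe)."""
    observed = parse_whd_version(version)
    target = parse_whd_version(fixed)
    if observed is None or target is None:
        return None
    return observed < target


def triage(observations: Dict[str, str]) -> Dict[str, str]:
    """Map host -> reported version to host -> 'vulnerable' | 'patched' | 'unknown'.

    'unknown' is kept separate from 'patched' so that an unparsable banner still
    ends up on the list of hosts to look at by hand.
    """
    verdicts: Dict[str, str] = {}
    for host, version in observations.items():
        result = is_vulnerable(version)
        if result is None:
            verdicts[host] = "unknown"
        elif result:
            verdicts[host] = "vulnerable"
        else:
            verdicts[host] = "patched"
    return verdicts


# Constructed sample input: hypothetical hosts and version strings, not data
# from the DIVD scan.
SAMPLE_OBSERVATIONS = {
    "whd-1.example.net": "12.8.3 HF2",  # below HF3: CVE-2024-28988 fix missing
    "whd-2.example.net": "12.8.3",      # base release, no hotfix at all
    "whd-3.example.net": "12.8.3 HF3",  # the recommended version
    "whd-4.example.net": "12.8.4",      # later base release sorts above 12.8.3 HFn
    "whd-5.example.net": "12.7.9-HF5",  # older minor, hyphenated hotfix tag
    "whd-6.example.net": "n/a",         # banner not parsable
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_OBSERVATIONS).items():
        print(f"{host:20} {SAMPLE_OBSERVATIONS[host]:12} {verdict}")
```

Two caveats when using something like this. First, it only compares version numbers; it cannot tell whether the manual post-hotfix steps from the bulletin were actually carried out on a host that reports 12.8.3 HF3, so a "patched" verdict still deserves a follow-up check. Second, the assumption that a later base release (here 12.8.4) carries the fixes is exactly that, an assumption; confirm it against the vendor bulletin before treating such hosts as closed.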
What we are doing
DIVD is working to identify parties that are running a vulnerable version of Solarwinds Web Help Desk and to notify those parties.
Timeline
Date | Description |
---|---|
24 Sep 2024 | DIVD starts researching the vulnerability. |
18 Oct 2024 | DIVD finds fingerprint, preparing to scan. |
18 Oct 2024 | Case opened and starting first scan. |
30 Oct 2024 | Starting second scan. |
30 Oct 2024 | Mails sent out. |
20 Nov 2024 | DIVD sent out a second round of notifications. |
20 Nov 2024 | Case closed. |