DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
Our reference | DIVD-2024-00042 |
Case lead | Alwin Warringa |
Researcher(s) |
|
CVE(s) | |
Products |
|
Versions |
|
Recommendation | Update to version 12.8.3 HF3 |
Patch status | Patch available |
Workaround | none |
Status | Open |
Last modified | 30 Oct 2024 13:36 CET |
Summary
Solarwinds Web Help Desk, has disclosed two critical security vulnerabilities affecting versions released prior to 12.8.3 HF2. The vulnerability, identified as CVE-2024-28987, involves a hardcoded credential vulnerability allowing remote unauthenticated user to access internal functionality and modify data. The other vulnerabilities, identified as CVE-2024-28987 and CVE-2024-28988, susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
Recommendations
To remediate CVE-2024-28986, CVE-2024-28987 and CVE-2024-28988, update to version 12.8.3 HF3. You can find a link to the Solarwinds Web Helpdesk bulletin at the bottom of this post. Please note that applying the hotfix requires some manual steps which are explained in the security bulletin.
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of Solarwinds Web Helpdesk and to notify these parties.
Timeline
Date | Description |
---|---|
24 Sep 2024 | DIVD starts researching the vulnerability. |
18 Oct 2024 | DIVD finds fingerprint, preparing to scan. |
18 Oct 2024 | Case opened and starting first scan. |
30 Oct 2024 | Starting second scan. |
30 Oct 2024 | Mails sent out. |