CISA warns that SolarWinds Web Help Desk flaw is actively exploited
Take action: The time for delaying has passed. Patch your SolarWinds WHD ASAP: a PoC is available and hackers are actively attacking. You will be attacked.
CISA is reporting active exploitation of a flaw in SolarWinds Web Help Desk (WHD). The vulnerability, tracked as CVE-2024-28987 (CVSS score 9.1), is a hardcoded credential flaw that enables remote, unauthenticated attackers to access internal WHD functionality and modify sensitive data.
Approximately 830 WHD instances are exposed to the internet, primarily in the state, local, and education (SLED) sectors.
SolarWinds released multiple hotfixes to patch the issue:
- SolarWinds released WHD 12.8.3 Hotfix 1 to address CVE-2024-28986, a Java deserialization vulnerability allowing remote code execution (RCE). This hotfix was later removed due to issues with SAML Single Sign-On (SSO) functionality.
- August 21, 2024: SolarWinds released WHD 12.8.3 Hotfix 2, addressing CVE-2024-28986 and introducing fixes for the previous functionality issues.
- August 21, 2024: SolarWinds disclosed CVE-2024-28987, alerting users to the security issue.
Organizations using SolarWinds WHD should apply WHD 12.8.3 Hotfix 3, which consolidates patches for both CVE-2024-28986 and CVE-2024-28987, and resolves issues from previous hotfixes.