SolarWinds Web Help Desk bug being actively attacked
Take action: If you are running Web Help Desk, review the patch instructions and test the patch. If your WHD is not exposed on the internet, you can wait for the full patch. Otherwise, upgrade to WHD 12.8.3, and then apply the hotfix.
Learn More
SolarWinds Web Help Desk (WHD) is under active exploitation of the critical vulnerability tracked as CVE-2024-28986 (CVSS score 9.8).
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog shortly after its disclosure, confirming in-the-wild exploitation. CISA has set a deadline of September 5 for federal agencies to patch affected systems or discontinue use of the software.
The flaw enables remote code execution (RCE) through a Java deserialization vulnerability, allowing attackers to execute arbitrary commands and potentially take full control of vulnerable systems.
SolarWinds has released a security patch, WHD 12.8.3 Hotfix 1, which should be applied immediately. SolarWinds recommends upgrading to version 12.8.3 before applying the hotfix. If the WHD servers are not publicly accessible, administrators are advised to delay the update until a revised patch is released due to known complications with this hotfix, particularly for deployments using SAML Single Sign-On (SSO). Applying the hotfix in such cases can disable the login service.
