Updates Since Last Security Bulletin:
- CVE-2024-28986 was added to CISA’s Known Exploited Vulnerabilities Catalog.
- A second hotfix has been released to address a newly disclosed critical vulnerability, CVE-2024-28987; the hotfix also includes a fix for CVE-2024-28986.
- The initial hotfix was found to cause functionality issues in Web Help Desk.
Summary
On August 21, 2024, SolarWinds released a second hotfix for SolarWinds Web Help Desk (WHD) version 12.8.3. This hotfix addresses a newly disclosed hardcoded credential vulnerability (CVE-2024-28987) that allows a remote, unauthenticated attacker to access internal functionality and modify data. Additionally, the hotfix resolves the Java deserialization remote code execution (RCE) vulnerability (CVE-2024-28986) disclosed the previous week and fixes functionality issues introduced by the first hotfix.
CVE-2024-28986 was added to CISA’s Known Exploited Vulnerabilities Catalog shortly after its disclosure. However, there is currently no evidence that CVE-2024-28987 has been exploited in the wild, and no Proof of Concept (PoC) exploits have been published for either vulnerability at this time. Given the significant access that can be gained by exploiting these vulnerabilities and the recent exploitation of CVE-2024-28986 in the wild, it is likely that threat actors will increasingly target these vulnerabilities in the near future.
Recommendation for CVE-2024-28986 & CVE-2024-28987
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version and apply the hotfix.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| SolarWinds Web Help Desk | All versions prior to 12.8.3 | 12.8.3 Hotfix 2 |
- Instructions for applying Hotfix 2 can be found in the SolarWinds hotfix article.
Please follow your organization’s patching and testing guidelines to avoid any operational impact.