On 15 October 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is IT service management software widely used across various industries for tracking and managing support tickets. The vulnerability arises from a Java deserialisation flaw, which could enable a remote unauthenticated attacker to execute arbitrary code on vulnerable hosts.
Arctic Wolf has not observed any instances of this vulnerability being exploited in the wild, nor are there any known Proof of Concept (PoC) exploits published. This week, CISA warned that threat actors are actively exploiting a recently disclosed hardcoded credential vulnerability in WHD, CVE-2024-28987. Given the recent targeting of WHD and its potential for RCE, CVE-2024-28988 is likely to draw further attention from threat actors in the near future.
Recommendation for CVE-2024-28988
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| Web Help Desk (WHD) | 12.8.3 HF2 and all previous versions | 12.8.3 HF3 |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
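To find which hosts still need the upgrade, the following added example (not Arctic Wolf or SolarWinds code) sorts an asset inventory against the fixed version in the table above. It assumes version strings shaped like `12.8.3 HF2`, assumes releases later than 12.8.3 HF3 carry the fix, and uses a constructed inventory with hypothetical hostnames.

```python
import re

# Fixed release taken from the advisory table: 12.8.3 HF3.
FIXED = ((12, 8, 3), 3)

# Assumed spellings: "12.8.3", "12.8.3 HF2", "12.8.3-hf2", "12.8.3 Hotfix 2".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:[\s\-_]*(?:HF|Hotfix)[\s\-_]*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return ((major, minor, patch), hotfix) or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    return ((int(major), int(minor), int(patch)), int(hotfix) if hotfix else 0)

def classify(text):
    """'fixed', 'vulnerable', or 'unknown' (unparseable strings are never assumed fixed)."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    # Assumption: any release ordered at or after 12.8.3 HF3 includes the fix.
    return "fixed" if parsed >= FIXED else "vulnerable"

def triage(inventory):
    """Group hostnames by classification so patching can be prioritised."""
    groups = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups

# Constructed sample inventory; hostnames and version spellings are hypothetical.
SAMPLE_INVENTORY = {
    "whd-prod-01": "12.8.3 HF2",
    "whd-prod-02": "12.8.3 HF3",
    "whd-test-01": "12.8.3",
    "whd-dr-01": "12.7.9 Hotfix 5",
    "whd-lab-01": "build unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual version check before they are treated as patched.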