On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote attacker to execute arbitrary code on vulnerable hosts.
While the vulnerability was initially reported to SolarWinds as an unauthenticated issue, the company stated they were unable to reproduce it without authentication during testing.
Arctic Wolf has not observed any instances of this vulnerability being exploited in the wild, nor are there any known Proof of Concept (PoC) exploits published. Although WHD has not previously been directly targeted for specific vulnerabilities, SolarWinds has been a target of threat actors in the past. For example, in 2020, Russian-linked threat actors installed backdoors on systems belonging to organizations in SolarWinds’ supply chain. Given the potential for RCE with this vulnerability, it may attract the attention of threat actors in the near future.
Recommendation for CVE-2024-28986
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version and apply the hotfix.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| SolarWinds Web Help Desk | All versions prior to 12.8.3 | 12.8.3 w/ hotfix |
- Instructions for applying the hotfix can be found in the SolarWinds hotfix article.
Please follow your organization’s patching and testing guidelines to avoid any operational impact.
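To turn the version table above into a patch queue, the following added example (not from Arctic Wolf or SolarWinds) triages an asset inventory against the affected and fixed versions. The inventory field names, hostnames, the build suffix and the status labels are assumptions made for illustration.

```python
import re

FIXED = (12, 8, 3)  # fixed release from the advisory table (hotfix also required)

def parse_version(text):
    """Return (major, minor, patch) from '12.8.3' or '12.8.3.1813', else None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(version, hotfix_applied=None):
    """Classify one Web Help Desk host against the advisory's version table."""
    parsed = parse_version(version)
    if parsed is None:
        return "UNKNOWN"        # unreadable version: check the host by hand
    if parsed < FIXED:
        return "UPGRADE"        # prior to 12.8.3: upgrade, then apply the hotfix
    if parsed == FIXED:
        if hotfix_applied is True:
            return "FIXED"
        if hotfix_applied is False:
            return "HOTFIX"     # on 12.8.3 but the hotfix is not applied
        return "VERIFY"         # on 12.8.3, hotfix state not recorded
    return "NOT_LISTED"         # newer than 12.8.3: not covered by the table

# Constructed sample inventory (hostnames, fields and build suffix are assumptions).
INVENTORY = [
    {"host": "whd-01", "version": "12.7.12", "hotfix": None},
    {"host": "whd-02", "version": "12.8.3.1813", "hotfix": False},
    {"host": "whd-03", "version": "12.8.3", "hotfix": True},
    {"host": "whd-04", "version": "12.8.3", "hotfix": None},
    {"host": "whd-05", "version": "unknown", "hotfix": None},
]

def triage_inventory(rows):
    """Map each host to its status so the patch queue can be sorted by urgency."""
    return {r["host"]: triage(r["version"], r.get("hotfix")) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as VERIFY or UNKNOWN need a manual check, because a 12.8.3 install only counts as fixed once the hotfix is confirmed.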