CISA warns critical SolarWinds RCE bug is exploited in attacks

Image: Midjourney

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support.

Web Help Desk (WHD) is IT help desk software widely used by large companies, government agencies, and healthcare and education organizations worldwide to centralize, automate, and streamline help desk management tasks.

Tracked as CVE-2024-28986, this Java deserialization security flaw allows threat actors to achieve remote code execution on vulnerable servers and run commands on the host machine following successful exploitation.

SolarWinds issued a hotfix for the vulnerability on Wednesday, a day before CISA's warning. However, the company did not disclose any information about in-the-wild exploitation, though it recommended that all administrators apply the fix to vulnerable devices.
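The vulnerability class named above, deserialization of untrusted Java object streams, is worth illustrating from the defender's side. The following is an added example, not SolarWinds code and not a reproduction of CVE-2024-28986: it uses two hypothetical classes, a benign TicketNote that an application expects to receive and an UnexpectedType that it does not, and shows how a JEP 290 ObjectInputFilter (standard in Java 9 and later) rejects the unexpected class before its readObject hook can execute. The allow-list pattern and class names are assumptions for this demonstration.

```java
import java.io.*;

// Added example (not SolarWinds code): contrasts unfiltered Java deserialization
// with an ObjectInputFilter allow-list. Compile and run with a Java 9+ JDK.
public class DeserializationFilterDemo {

    // Hypothetical benign message type the application expects on the wire.
    public static final class TicketNote implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        TicketNote(String text) { this.text = text; }
    }

    // Hypothetical class that is NOT expected on the wire. Its readObject hook
    // runs automatically during deserialization; this is the kind of code path
    // that untrusted-input deserialization hands to whoever controls the stream.
    public static final class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("UnexpectedType.readObject ran during deserialization");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unfiltered: reconstructs whatever class the stream names (the weak pattern).
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Filtered: only TicketNote and classes from the java.base module are allowed;
    // the trailing "!*" rejects everything else. Rejection happens before the
    // class is instantiated, so no readObject hook of a rejected class ever runs.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "DeserializationFilterDemo$TicketNote;java.base/*;!*");
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample streams, built locally for the demonstration.
        byte[] benign = serialize(new TicketNote("printer on floor 3 is offline"));
        byte[] unexpected = serialize(new UnexpectedType());

        System.out.println("filtered, benign: " + ((TicketNote) readFiltered(benign)).text);
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            // Expected: the filter rejects UnexpectedType before it is created.
            System.out.println("filtered, unexpected: rejected (" + e.getMessage() + ")");
        }
        // Without a filter the unexpected class is instantiated and its hook runs.
        readUnfiltered(unexpected);
    }
}
```

The design point is that the filter is an allow-list keyed on class name, evaluated before any object is constructed, so it limits what an attacker-controlled stream can reach regardless of which gadget classes happen to be on the classpath. A JVM-wide default can also be set with the jdk.serialFilter system property, which is often the more practical control for a deployed product whose code you cannot change.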

“While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available,” SolarWinds said.

“WHD 12.8.3 Hotfix 1 should not be applied if SAML Single Sign-On (SSO) is utilized. A new patch will be available shortly to address this problem.”

SolarWinds also published a support article with detailed instructions on applying and removing the hotfix, warning that admins must upgrade vulnerable servers to Web Help Desk 12.8.3.1813 before installing the hotfix.

The company recommends creating backups of the original files before replacing them during the installation process, to avoid potential issues if the hotfix deployment fails or the hotfix is not applied correctly.

CISA added CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, mandating that federal agencies patch their WHD servers within three weeks, by September 5, as required by Binding Operational Directive (BOD) 22-01.

Earlier this year, SolarWinds also patched over a dozen critical remote code execution (RCE) flaws in its Access Rights Manager (ARM) software, eight in July and five in February.

In June, cybersecurity firm GreyNoise warned that threat actors were already exploiting a SolarWinds Serv-U path-traversal vulnerability, just two weeks after SolarWinds released a hotfix and days after proof-of-concept (PoC) exploits were published online.

SolarWinds says that the company's IT management products are used by more than 300,000 customers worldwide.
