SolarWinds Addresses Critical RCE and Auth Bypass Flaws in Web Help Desk
SolarWinds releases patches for four unauthenticated vulnerabilities in Web Help Desk, including remote code execution and authentication bypass risks.
SolarWinds Releases Critical Patches for Web Help Desk Vulnerabilities
SolarWinds has released security updates to address four critical vulnerabilities in its Web Help Desk (WHD) software, which could allow unauthenticated attackers to execute remote code or bypass authentication mechanisms.
Key Vulnerability Details
The flaws, which affect Web Help Desk version 12.8.3.1813 and earlier, include:
- CVE-2024-28986 (CVSS 9.8) – Remote Code Execution (RCE) via deserialization of untrusted data.
- CVE-2024-28987 (CVSS 9.1) – Authentication Bypass due to improper access control.
- CVE-2024-28988 (CVSS 8.8) – Privilege Escalation via insecure file permissions.
- CVE-2024-28989 (CVSS 7.5) – Information Disclosure through exposed sensitive data.
These vulnerabilities can be exploited without authentication, making them particularly severe for organizations running unpatched instances of WHD.
Impact and Exploitation Risks
Successful exploitation of these flaws could allow attackers to:
- Execute arbitrary code with SYSTEM-level privileges (CVE-2024-28986).
- Gain unauthorized access to the WHD admin interface (CVE-2024-28987).
- Escalate privileges to perform further attacks (CVE-2024-28988).
- Access sensitive configuration data (CVE-2024-28989).
Because these vulnerabilities can be exploited before authentication, organizations running affected versions of Web Help Desk are at high risk of compromise until they patch.
Mitigation and Recommendations
SolarWinds has released Web Help Desk 12.8.3 Hotfix 2 to address these issues. Security teams should:
- Immediately upgrade to the latest patched version (12.8.3.1813 Hotfix 2).
- Isolate vulnerable instances from untrusted networks until patches are applied.
- Monitor for suspicious activity, particularly unusual authentication attempts or unexpected process executions.
- Review access controls to ensure only authorized personnel can interact with WHD.
For organizations unable to patch immediately, SolarWinds recommends disabling remote access to the Web Help Desk interface as a temporary mitigation.
Original report by Ionut Arghire via SecurityWeek.