SolarWinds Web Help Desk RCE Vulnerability Allows Remote Exploitation of the Host


SolarWinds has released a critical hotfix addressing multiple vulnerabilities in its Web Help Desk (WHD) software. This update is crucial for all users to ensure the security and functionality of their systems.

SolarWinds has issued a patch for a recently identified Java Deserialization Remote Code Execution vulnerability in its Web Help Desk software. This vulnerability could allow attackers to execute arbitrary commands on the host machine if exploited.


The latest hotfix, designed for Web Help Desk version 12.8.3, resolves two critical vulnerabilities: a remote code execution vulnerability stemming from broken access control, and a hardcoded credential vulnerability. The update also restores functionality that earlier updates had broken.

Java Deserialization Remote Code Execution (CVE-2024-28986)

This Critical (9.8) vulnerability (CVE-2024-28986) could allow attackers to execute arbitrary commands on the host machine. Although it was initially reported as an unauthenticated vulnerability, SolarWinds was unable to reproduce the issue without authentication after extensive testing and concluded that authentication is required to exploit it. Nevertheless, users are strongly advised to apply the patch to keep their systems secure. The issue was first fixed in Web Help Desk 12.8.3 Hotfix 1, and its discovery is credited to Inmarsat Government / Viasat.

Hardcoded Credential Vulnerability (CVE-2024-28987)

The second vulnerability, CVE-2024-28987, involves hardcoded credentials within the WHD software, which could enable remote, unauthenticated users to gain access to internal functionality and modify data.

This vulnerability is rated with a severity of 9.1 and poses a significant risk to users. The fix was first introduced in 12.8.3 Hotfix 2, and Zach Hanley is credited with its discovery. SolarWinds advises all users to implement the hotfix promptly to mitigate these security risks.

The hotfix also addresses an SSO issue by adding more patterns and restoring the client application’s missing Upload Attachments, Cancel, and Save buttons.


Technical Details and Installation Instructions

Files Added or Modified:

  • Added: whd-security.jar in /bin/tomcat/lib/
  • Modified: whd-core.jar and whd-web.jar in /bin/webapps/helpdesk/WEB-INF/lib/
  • Manual Modification Required: tomcat_server_template.xml in /conf/

Installation Steps:

  1. Stop Web Help Desk.
  2. Navigate to the following directories and replace files:
  • /bin/tomcat/lib/ for whd-security.jar
  • /bin/webapps/helpdesk/WEB-INF/lib/ for whd-core.jar and whd-web.jar
  3. Modify tomcat_server_template.xml:
  • Add the specified XML tag for security patterns.
  4. Restart Web Help Desk.
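As an added example (not SolarWinds' own code), a post-install check for the file changes listed above: it records SHA-256 hashes of the two replaced jars before patching, then confirms that whd-security.jar is present and that the jars have actually changed. The install root it builds, the placeholder file contents and the function names are constructed for the example.

```python
import hashlib
import os
import tempfile

# Paths relative to the WHD install root, as listed in the hotfix notes.
ADDED = ["bin/tomcat/lib/whd-security.jar"]
MODIFIED = ["bin/webapps/helpdesk/WEB-INF/lib/whd-core.jar",
            "bin/webapps/helpdesk/WEB-INF/lib/whd-web.jar"]
TEMPLATE = "conf/tomcat_server_template.xml"

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline_from(root):
    """Record pre-hotfix hashes of the jars the hotfix replaces (run before patching)."""
    return {rel: sha256_of(os.path.join(root, rel)) for rel in MODIFIED}

def audit_whd(root, baseline=None):
    """Check that the added jar exists and that replaced jars differ from the baseline."""
    findings = {"missing": [], "unchanged": [], "hashes": {}}
    for rel in ADDED + MODIFIED:
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            findings["missing"].append(rel)
            continue
        findings["hashes"][rel] = sha256_of(full)
        if baseline and baseline.get(rel) == findings["hashes"][rel]:
            findings["unchanged"].append(rel)   # still the pre-hotfix jar
    findings["template_present"] = os.path.isfile(os.path.join(root, TEMPLATE))
    findings["patched"] = not findings["missing"] and not findings["unchanged"]
    return findings

def build_sample_root(patched):
    """Constructed fixture: a fake install tree with placeholder bytes, not a real WHD install."""
    root = tempfile.mkdtemp(prefix="whd-")
    for rel in MODIFIED + [TEMPLATE] + (ADDED if patched else []):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write((b"post-hotfix " if patched else b"pre-hotfix ") + rel.encode())
    return root

def demo():
    """Audit a constructed pre-hotfix tree and a constructed patched tree against one baseline."""
    old = build_sample_root(patched=False)
    base = baseline_from(old)
    return audit_whd(old, base), audit_whd(build_sample_root(patched=True), base)
```

On a real host, run baseline_from() against the install root before applying the hotfix and audit_whd() afterwards; a jar listed under "unchanged" was never replaced.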

Uninstallation Steps:

  • Reverse the installation process by restoring backup files and restarting the service.

SolarWinds emphasizes the importance of applying this hotfix promptly to safeguard against potential exploits. The company extends gratitude to the security researchers who responsibly disclosed these vulnerabilities and collaborated on the fixes.

For detailed instructions and support, users are encouraged to visit the SolarWinds Success Center.

