Alert essentials:
Critical vulnerabilities in SolarWinds Web Help Desk allow hackers access to unpatched systems and underlying functionality.

Apply hotfix 12.8.3 immediately.

Detailed threat description:
A Java deserialization remote code execution flaw was found in SolarWinds Web Help Desk. Exploiting the deserialization flaw allows bad actors to run commands on the host machine.

Additionally, hard-coded credentials were discovered in Web Help Desk. Hackers can use these credentials to modify data and access internal functions. CVE-2024-28987 has been exploited in attacks and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Deploy 12.8.3 HF2 to vulnerable hosts immediately.


Impacts on healthcare organizations:
These types of vulnerabilities are frequently used as entry vectors to compromise systems further. Apply this hotfix promptly to protect against potential exploits and system downtime.


Affected products / versions:

SolarWinds Web Help Desk 12.8.3.1 and prior


CVEs

CVE-2024-28986
CVE-2024-28987


Recommendations

Engineering recommendations:

  • Back up all original files before replacing them with hotfix versions
  • Upgrade vulnerable servers to Web Help Desk 12.8.3.1813 or 12.8.3 HF1 before deploying 12.8.3 HF2
  • Apply hotfix 12.8.3 to SolarWinds Web Help Desk (12.8.3 HF2)

Leadership/Program recommendations:

  • CISA strongly recommends all stakeholders include a requirement to immediately address KEV catalog vulnerabilities as part of their vulnerability management plan.
  • Consider implementing modifications to the change control policy if the current policy does not support emergency or out-of-band patching.

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.

 
