Critical SolarWinds Web Help Desk RCE Vulnerability Patched (CVE-2024-28986)
Summary
SolarWinds has released security patches to address a critical vulnerability in its Web Help Desk (WHD) solution. Tracked as CVE-2024-28986, this vulnerability could allow attackers to execute arbitrary commands on affected systems.
This vulnerability affects all versions of SolarWinds WHD and is rated as critical due to its potential impact and ease of exploitation.
Technical Details
CVE-2024-28986 is a remote code execution (RCE) vulnerability that exists due to improper input validation in SolarWinds WHD. An attacker could exploit this vulnerability by sending a specially crafted request to an affected system, allowing them to execute arbitrary commands with system-level privileges.
Impact
Successful exploitation of this vulnerability could allow an attacker to:
- Execute arbitrary commands on the affected system
- Install or modify software
- Create or delete user accounts
- Access sensitive data
Mitigation
SolarWinds has released security patches to address this vulnerability. Customers are strongly advised to apply these patches immediately.
The following versions of SolarWinds WHD are affected by this vulnerability:
- All versions
Customers can download the security patches from the SolarWinds website:
https://www.solarwinds.com/security-advisories
Timeline
- August 14, 2024: SolarWinds discloses CVE-2024-28986
- August 15, 2024: SolarWinds releases security patches
Additional Information
For more information on this vulnerability, please refer to the following resources:
- SolarWinds Security Advisory for CVE-2024-28986
- National Vulnerability Database entry for CVE-2024-28986