SolarWinds Web Help Desk Vulnerability Added to CISA's Exploited Vulnerabilities Catalog
24 August 2024 | Zaker Adham
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a critical vulnerability in SolarWinds Web Help Desk in its Known Exploited Vulnerabilities (KEV) catalog.
This vulnerability, tracked as CVE-2024-28986 and assigned a CVSS score of 9.8, poses a significant threat to organizations using the software.
The vulnerability is rooted in a Java deserialization issue that could allow attackers to execute remote code on an unpatched system. SolarWinds has released a patch to address the flaw, and the company noted that, despite thorough testing, it could not reproduce the issue without authentication. Nevertheless, the company urges all Web Help Desk users to apply the latest update, WHD 12.8.3, and follow the provided hotfix installation steps to ensure their systems are protected.
SolarWinds Web Help Desk is a widely used solution for Help Desk Ticketing and Asset Management, particularly among large enterprises and government agencies. Given the critical nature of this vulnerability, CISA has mandated that federal agencies secure their networks by fixing this vulnerability by September 5, 2024, as per Binding Operational Directive (BOD) 22-01.
In addition to federal agencies, cybersecurity experts recommend that private organizations also review the KEV catalog and take necessary measures to safeguard their infrastructure against potential exploitation of this and other listed vulnerabilities.
For more detailed instructions on how to install the hotfix, users can visit SolarWinds' official support page.