SolarWinds Web Help Desk Critical Vulnerability Patched: CVE-2024-28986
Critical RCE Vulnerability Patched in WHD Solution
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk (WHD) solution, tracked as CVE-2024-28986. The vulnerability, which has a CVSS score of 9.8 out of 10, could allow remote attackers to execute arbitrary code on affected systems.
What is the vulnerability?
The vulnerability resides in the SolarWinds WHD web interface. A specially crafted HTTP request could allow an unauthenticated attacker to bypass authentication and execute arbitrary code on the target system.
Who is affected?
All versions of SolarWinds WHD are affected by this vulnerability. This includes both on-premises and cloud-hosted deployments.
What is SolarWinds doing?
SolarWinds has released patches to address this vulnerability. Customers are strongly urged to apply the patches as soon as possible.
What can customers do?
Customers should take the following steps to mitigate the risk of exploitation:
- Apply the patches released by SolarWinds.
- Disable the WHD web interface if it is not required.
- Implement network segmentation to isolate WHD from other systems.
- Use strong passwords and enable two-factor authentication.
- Monitor for any suspicious activity.
Additional resources
For more information on this vulnerability, please refer to the following resources: