Critical SolarWinds Vulnerability Actively Exploited

August 19, 2024

THE THREAT

The critical severity vulnerability CVE-2024-28986 (CVSS: 9.8), identified in SolarWinds' Web Help Desk (WHD) software, is a Remote Code Execution (RCE) flaw resulting from a Java deserialization issue. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the host machine.

The vulnerability was initially disclosed on August 9th, and a hotfix was released on August 13th. On August 15th, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-28986 to its Known Exploited Vulnerabilities (KEV) catalog. As this vulnerability is being actively exploited, it is critical that organizations apply the hotfix immediately.

What we’re doing about it

What you should do about it

Additional information

It’s important to note that while the vulnerability was reported as an unauthenticated vulnerability, SolarWinds states that they have “been unable to reproduce it without authentication after thorough testing.” However, the vulnerability remains critical due to its potential impact and the widespread use of WHD in various industries. As such, SolarWinds still strongly encourages organizations to apply the latest hotfix.

While CISA has confirmed exploitation of CVE-2024-28986, it has not provided any details on real-world attacks. Additionally, eSentire has not observed exploitation at this time and continues to track the threat for additional details and detection opportunities.
