SolarWinds has launched a hotfix for a important Internet Assist Desk vulnerability that enables attackers to log into unpatched programs utilizing hardcoded credentials.
Internet Assist Desk (WHD) is an IT assist desk software program extensively utilized by authorities companies, massive companies, and healthcare and training organizations to automate and streamline assist desk administration duties. SolarWinds’ IT administration merchandise are utilized by over 300,000 prospects worldwide.
The safety flaw (CVE-2024-28987) addressed this Wednesday permits unauthenticated attackers to entry inner performance and modify information on focused units following profitable exploitation. This vulnerability was found and reported by Zach Hanley, vulnerability researcher at Horizon3.ai.
SolarWinds has but to publish a safety advisory for this WHD vulnerability on its Belief Middle and has not disclosed whether or not CVE-2024-28987 was exploited within the wild earlier than Internet Assist Desk 12.8.3 Hotfix 2 was launched.
The corporate gives detailed directions on putting in and eradicating the hotfix, warning admins to improve weak servers to Internet Assist Desk 12.8.3.1813 or 12.8.3 HF1 earlier than deploying this week’s hotfix.
It additionally recommends creating backups of all authentic information earlier than changing them through the hotfix set up course of to keep away from potential points if the hotfix fails or is not utilized appropriately.
Hotfix additionally fixes actively exploited Internet Assist Desk RCE bug
The identical hotfix additionally contains the repair for a important WHD distant code execution vulnerability (CVE-2024-28986), which was addressed with one other hotfix on August 14 and was tagged by CISA as exploited in assaults two days later.
CISA added CVE-2024-28986 to its KEV catalog one week in the past, mandating federal companies to patch all WHD servers on their community by September 5, as required by the Binding Operational Directive (BOD) 22-01.
“These kinds of vulnerabilities are frequent assault vectors for malicious cyber actors and pose vital dangers to the federal enterprise,” the cybersecurity company warned.
Earlier this 12 months, SolarWinds patched over a dozen important distant code execution (RCE) flaws in its Entry Rights Supervisor (ARM) software program—5 in February and eight in July.
In June, cybersecurity agency GreyNoise additionally warned that risk actors have been exploiting a SolarWinds Serv-U path-traversal vulnerability shortly after SolarWinds launched a hotfix.