SolarWinds Web Help Desk Vulnerability: Patch Immediately
What is the vulnerability?
SolarWinds has fixed a critical vulnerability, CVE-2024-28986, in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host.
The vulnerability is rated 9.8 out of 10 in severity and exists in the software's REST API. An attacker could exploit the vulnerability by sending a specially crafted request to the API, which could allow them to execute arbitrary code on the target system.
Who is affected?
All versions of SolarWinds Web Help Desk (WHD) are affected by this vulnerability.
What should you do?
SolarWinds has released patches to address this vulnerability. Customers are urged to apply the patches as soon as possible.
Patch links:
In addition to applying the patches, customers can also take the following steps to mitigate the risk of exploitation:
- Restrict access to the Web Help Desk (WHD) server to only authorized users.
- Disable the REST API if it is not being used.
- Implement a web application firewall to block malicious requests.
Additional information
For more information about this vulnerability, please see the following resources: