CISA warns critical SolarWinds RCE bug is exploited in attacks

August 16, 2024 at 12:40PM

CISA warns that attackers are exploiting a critical vulnerability in SolarWinds’ Web Help Desk (WHD) software that allows remote code execution. SolarWinds issued a hotfix and advised administrators to apply it, while also acknowledging an issue affecting SAML Single Sign-On users. CISA requires federal agencies to patch WHD servers by September 5. SolarWinds previously patched critical flaws in its Access Rights Manager and Serv-U software.

Key points:

– CISA warned that attackers are exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution, tracked as CVE-2024-28986.

– SolarWinds issued a hotfix for the vulnerability the day before CISA’s warning and recommended that all administrators apply it to vulnerable devices. However, it did not disclose any information about in-the-wild exploitation.

– SolarWinds also published a support article with detailed instructions on applying and removing the hotfix, and instructed admins to upgrade vulnerable servers to Web Help Desk 12.8.3.1813 before installing the hotfix.

– CISA ordered federal agencies to patch their WHD servers within three weeks, by September 5, as required by Binding Operational Directive (BOD) 22-01.

– SolarWinds’ IT management products are used by more than 300,000 customers worldwide. Earlier this year, the company patched over a dozen critical remote code execution (RCE) flaws in its Access Rights Manager (ARM) software.
