August 16, 2024 at 12:40PM
CISA warns that attackers are exploiting a critical vulnerability in SolarWinds’ Web Help Desk (WHD) software that allows remote code execution. SolarWinds issued a hotfix and advised administrators to apply it, while also acknowledging an issue for SAML Single Sign-On users. CISA requires federal agencies to patch WHD servers by September 5. SolarWinds previously patched critical flaws in its Access Rights Manager and Serv-U software.
From the meeting notes:
– CISA warned of attackers exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution, tracked as CVE-2024-28986.
– SolarWinds issued a hotfix for the vulnerability the day before CISA’s warning, recommending that all administrators apply the fix to vulnerable devices. However, it did not disclose any information about in-the-wild exploitation.
– SolarWinds also published a support article with detailed instructions on applying and removing the hotfix and instructed admins to upgrade vulnerable servers to Web Help Desk 12.8.3.1813 before installing the hotfix.
– CISA ordered federal agencies to patch their WHD servers within three weeks, by September 5, as required by Binding Operational Directive (BOD) 22-01.
– SolarWinds’ IT management products are used by more than 300,000 customers worldwide, and earlier this year, the company patched over a dozen critical remote code execution (RCE) flaws in its Access Rights Manager (ARM) software.