Warning: SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability, Patch Immediately!
CVE-2024-28988: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
SolarWinds: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28988
Risks
An unauthenticated attacker with network access to the Web Help Desk application can send crafted serialized input that the server deserializes, executing arbitrary code on the host. A successful attack gives the attacker full control of the SolarWinds Web Help Desk server, with high impact on confidentiality, integrity, and availability.
Another critical vulnerability in SolarWinds Web Help Desk was exploited in the wild within two months of disclosure: CVE-2024-28987, disclosed on 21 August 2024, was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on 15 October 2024. Expect the same for this issue.
Description
CVE-2024-28988 is a critical vulnerability in SolarWinds Web Help Desk. It is a remote code execution (RCE) flaw caused by Java deserialization of untrusted data: attacker-controlled serialized objects are reconstructed by the server, which lets the attacker run code of their choosing.
Exploitation requires only network access to the Web Help Desk instance. As the CVSS vector indicates, no authentication, no special privileges and no user interaction are needed, and attack complexity is low, so the flaw is easy to leverage.
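For developers reviewing their own Java services for the same bug class, the block below is an added, generic illustration written for this advisory. It is not Web Help Desk code, not from SolarWinds, and it does not reproduce the WHD code path or payload (which the advisory does not disclose). The class names, the allowlist and the sample inputs are assumptions chosen for the demonstration. It contrasts the vulnerable pattern (feeding untrusted bytes straight into ObjectInputStream.readObject()) with the same call guarded by a JEP 290 deserialization filter (Java 9+), which rejects any class not on an explicit allowlist before that class is instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;

// Added illustration of "deserialization of untrusted data"; not Web Help Desk code.
public class DeserializationDemo {

    // Vulnerable pattern: untrusted bytes go straight into readObject().
    // Any Serializable class on the classpath can be instantiated, and
    // gadget chains in such classes are what turn this into code execution.
    static Object unsafeDeserialize(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    // Hardened pattern: an ObjectInputFilter allowlist (assumed for the demo: only
    // ArrayList and String are legitimate here) is applied to the stream. The filter
    // runs when a class descriptor is read, before any constructor or readObject()
    // of the incoming class executes; "!*" rejects everything not listed.
    static Object filteredDeserialize(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
                "java.util.ArrayList;java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(allowlist);
            return in.readObject();
        }
    }

    // Helper to build sample streams; in a real service the bytes come from the network.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: the type the service expects, and a type it never
        // expects (standing in for whatever class an attacker's gadget chain needs).
        ArrayList<String> expected = new ArrayList<>();
        expected.add("ticket-123");
        byte[] benign = serialize(expected);
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("unsafe, expected type:   " + unsafeDeserialize(benign));
        System.out.println("unsafe, unexpected type: " + unsafeDeserialize(unexpected)); // accepted
        System.out.println("filtered, expected type: " + filteredDeserialize(benign));
        try {
            filteredDeserialize(unexpected);
            System.out.println("filtered, unexpected type: accepted (filter misconfigured)");
        } catch (InvalidClassException e) {
            // The filter rejects HashMap before it is instantiated.
            System.out.println("filtered, unexpected type: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The filter is a mitigation for services you control, not a substitute for the vendor patch: an allowlist only helps if it is tight, and a process-wide filter can also be set with the jdk.serialFilter system property. The real fix for Web Help Desk is the vendor update linked above.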
Recommended Actions
Patch
The Centre for Cybersecurity Belgium (CCB) strongly recommends installing the update referenced in the SolarWinds advisory above on vulnerable Web Help Desk instances with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
Patching to the newest version protects against future exploitation, but it does not remediate a compromise that occurred before the patch was applied. Treat instances that were exposed while unpatched as potentially compromised and investigate accordingly.