Create DIVD-2024-00042.md #858

Merged
merged 8 commits into from
Oct 26, 2024
54 changes: 54 additions & 0 deletions _cases/2024/DIVD-2024-00042.md
@@ -0,0 +1,54 @@
---
layout: case
title: "Multiple critical vulnerabilities in Solarwinds Web Help Desk"
author: Alwin Warringa
lead: Alwin Warringa
excerpt: "The SolarWinds Web Help Desk software is affected by three critical vulnerabilities, allowing remote unauthenticated user to access internal functionality and run commands on the host machine."
researchers:
- Alwin Warringa
- Joop ter Wal
- Victor Pasman
cves:
- CVE-2024-28986
- CVE-2024-28987
- CVE-2024-28988
product:
- Solarwinds Web Help Desk
versions:
- Solarwinds Web Help Desk 12.8.3 HF1 and all previous versions
recommendation: "Update to version 12.8.3 HF3"
workaround: "none"
patch_status: Patch available
status : Open
start: 2024-09-24
timeline:
- start: 2024-09-24
end:
event: "DIVD starts researching the vulnerability."
- start: 2024-10-18
end:
event: "DIVD finds fingerprint, preparing to scan."
- start: 2024-10-18
end:
event: "Case opened and starting first scan."
---

## Summary
Solarwinds Web Help Desk, has disclosed two critical security vulnerabilities affecting versions released prior to 12.8.3 HF2. The vulnerability, identified as {% cve CVE-2024-28987 %}, involves a hardcoded credential vulnerability allowing remote unauthenticated user to access internal functionality and modify data. The other vulnerabilities, identified as {% cve CVE-2024-28987 %} and {% cve CVE-2024-28988 %}, susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

## Recommendations

To remediate {% cve CVE-2024-28986 %}, {% cve CVE-2024-28987 %} and {% cve CVE-2024-28988 %}, update to version 12.8.3 HF3. You can find a link to the Solarwinds Web Helpdesk bulletin at the bottom of this post. Please note that applying the hotfix requires some manual steps which are explained in the security bulletin.

## What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of Solarwinds Web Helpdesk and to notify these parties.

{% include timeline.html %}

## More information

* {% cve CVE-2024-28986 %}
* {% cve CVE-2024-28987 %}
* {% cve CVE-2024-28988 %}
* [Solarwinds Web Helpdesk Security Bulletin](https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2)
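
Review bot: In the Summary paragraph the CVE references do not line up with the front matter. It says "two critical security vulnerabilities" while `cves:` and the excerpt give three, it cites {% cve CVE-2024-28987 %} once for the hardcoded credential and again for the Java deserialization issue, and it never mentions CVE-2024-28986 even though the Recommendations section and the "More information" list both name it. Suggest changing "two" to "three" and checking whether the second CVE-2024-28987 reference should be CVE-2024-28986. The fixed version also needs a check: the Summary speaks of versions "prior to 12.8.3 HF2", `recommendation:` and the Recommendations section say to update to 12.8.3 HF3, and the bulletin link at the bottom points to the Hotfix-2 article, so a reader cannot tell from this file which hotfix closes all three CVEs. Minor points: `status : Open` has a space before the colon unlike every other key, the product name varies between "Web Help Desk" and "Web Helpdesk", and the sentence starting "The other vulnerabilities ..." is missing its verb ("are susceptible to").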