{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-081.pdf"
    },
    "title": "SolarWinds Web Help Desk Critical Remote Code Execution Vulnerability",
    "serial_number": "2024-081",
    "publish_date": "16-08-2024 08:41:49",
    "description": "On August 14, 2024, SolarWinds disclosed a critical remote code execution (RCE) vulnerability, CVE-2024-28986, affecting all versions of their Web Help Desk (WHD) software. The vulnerability, caused by a Java deserialization flaw, allows attackers to execute arbitrary commands on the affected system. The vulnerability has a CVSS score of 9.8.<br>\n",
    "url_title": "2024-081",
    "content_markdown": "---\ntitle: 'SolarWinds Web Help Desk Critical Remote Code Execution Vulnerability'\nnumber: '2024-081'\nversion: '1.0'\noriginal_date: 'August 14, 2024'\ndate: 'August 16, 2024'\n---\n\n_History:_\n\n* _16/08/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 14, 2024, SolarWinds disclosed a critical remote code execution (RCE) vulnerability, **CVE-2024-28986**, affecting all versions of their Web Help Desk (WHD) software [1]. The vulnerability, caused by a Java deserialization flaw, allows attackers to execute arbitrary commands on the affected system. The vulnerability has a CVSS score of 9.8.\n\n# Technical Details\n\nCVE-2024-28986 is a Java deserialization vulnerability that allows attackers to execute remote commands on the vulnerable system. Initially reported as an unauthenticated exploit, it was later confirmed to require authentication for exploitation [1].\n\n# Affected Products\n\n- All versions of SolarWinds Web Help Desk prior to 12.8.3 with hotfix applied.\n\n# Recommendations\n\nCERT-EU strongly recommends updating to the latest version (12.8.3) and applying the provided hotfix immediately. Additionally, create backup copies of original files before applying the patch.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>16/08/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 14, 2024, SolarWinds disclosed a critical remote code execution (RCE) vulnerability, <strong>CVE-2024-28986</strong>, affecting all versions of their Web Help Desk (WHD) software [1]. The vulnerability, caused by a Java deserialization flaw, allows attackers to execute arbitrary commands on the affected system. The vulnerability has a CVSS score of 9.8.</p><h2 id=\"technical-details\">Technical Details</h2><p>CVE-2024-28986 is a Java deserialization vulnerability that allows attackers to execute remote commands on the vulnerable system. Initially reported as an unauthenticated exploit, it was later confirmed to require authentication for exploitation [1].</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>All versions of SolarWinds Web Help Desk prior to 12.8.3 with hotfix applied.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating to the latest version (12.8.3) and applying the provided hotfix immediately. Additionally, create backup copies of original files before applying the patch.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/\">https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}