SolarWinds Web Help Desk RCE (CVE-2024-28986) - Vulnerability Database

SolarWinds Web Help Desk RCE (CVE-2024-28986)

Description

SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 1 contain a critical insecure deserialization vulnerability (CWE-502) that allows remote code execution. The application improperly handles Java serialized objects, enabling unauthenticated attackers to send maliciously crafted serialized payloads that execute arbitrary code when deserialized by the server. This vulnerability requires no user interaction and can be exploited remotely over the network.

Remediation

Immediately upgrade SolarWinds Web Help Desk to version 12.8.3 Hotfix 1 or later, which addresses this vulnerability. Follow these steps:

1. Download the latest version from the official SolarWinds Trust Center or support portal
2. Review the release notes and back up your current Web Help Desk installation and database
3. Schedule a maintenance window and notify users of the upgrade
4. Apply the update following SolarWinds' official upgrade documentation
5. Verify the installation by checking the version number in the application interface
6. Review system logs for any suspicious activity that may indicate prior exploitation

If immediate patching is not possible, implement network segmentation to restrict access to the Web Help Desk server to trusted IP addresses only, and monitor for unusual network traffic or deserialization attempts until the patch can be applied.
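A defender-side check covering two points in the remediation above: confirming whether an installed build predates 12.8.3 Hotfix 1, and flagging HTTP request bodies that carry a Java serialization stream so they can be alerted on while the patch is pending. This is an added example, not code from the advisory or from SolarWinds; the request paths and bodies are constructed samples, and the version-string layout is assumed from the advisory's own "12.8.3 Hotfix 1" wording.

```python
import base64
import re

# A Java serialization stream starts with STREAM_MAGIC 0xACED and
# STREAM_VERSION 0x0005; base64-encoding that prefix yields "rO0AB".
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
JAVA_SER_B64 = "rO0AB"

FIXED_VERSION = (12, 8, 3, 1)  # 12.8.3 Hotfix 1, as stated in the advisory


def parse_whd_version(text):
    """Turn '12.8.3 Hotfix 1' into (12, 8, 3, 1); no hotfix counts as 0.
    The 'Hotfix N' suffix format is an assumption based on the advisory."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\s+Hotfix\s+(\d+))?\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_vulnerable(version_text):
    """True when the installed build is older than 12.8.3 Hotfix 1."""
    return parse_whd_version(version_text) < FIXED_VERSION


def flag_serialized_payloads(requests):
    """Return (method, path, reason) for each request whose body contains a
    Java serialization stream, either raw or base64-encoded."""
    findings = []
    for method, path, body in requests:
        if JAVA_SER_MAGIC in body:
            findings.append((method, path, "raw Java serialization stream"))
        elif JAVA_SER_B64.encode() in body:
            findings.append((method, path, "base64-encoded Java serialization stream"))
    return findings


# Constructed sample traffic (hypothetical paths; the serialized bodies are
# only the stream header plus two bytes, not a working payload).
SAMPLE_REQUESTS = [
    ("POST", "/helpdesk/login", b"username=alice&password=REDACTED"),
    ("POST", "/helpdesk/api", JAVA_SER_MAGIC + b"\x73\x72"),
    ("POST", "/helpdesk/api", b"data=" + base64.b64encode(JAVA_SER_MAGIC + b"\x73\x72")),
]

if __name__ == "__main__":
    print("12.8.3 vulnerable:", is_vulnerable("12.8.3"))
    for finding in flag_serialized_payloads(SAMPLE_REQUESTS):
        print("ALERT", *finding)
```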
