SolarWinds Critical Vulnerability - 20241001001

Overview

SolarWinds has released updates to address two critical vulnerabilities in their SolarWinds Web Help Desk product(s). These vulnerabilities could allow an attacker to perform Remote Code Executions and unauthorised access to internal functionality and modification of data.

What is vulnerable?

Product(s) Affected	Version(s)	CVE #	CVSS v4/v3	Severity
SolarWinds Web Help Desk	before 12.8.3	CVE-2024-28986 CVE-2024-28987	9.8 9.1	Critical Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• SolarWinds: https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2

Additional References

• Cybersecurity News: https://securityonline.info/critical-solarwinds-flaw-exposes-827-instances-poc-exploit-unveiled-for-cve-2024-28987/