
CVE-2024-28986

Medium Severity
Solarwinds
SVRS: 34/100
CVSSv3: 9.8/10
EPSS: 0.21563/1

CVE-2024-28986 is a critical Java Deserialization Remote Code Execution vulnerability found in SolarWinds Web Help Desk, potentially allowing attackers to execute arbitrary commands on the server. Although initially reported as unauthenticated, SolarWinds has not been able to reproduce the exploit without authentication; however, they recommend patching as a precaution. With an SVRS score of 34, indicating a medium risk, and despite the high CVSS score, immediate action may not be required for all environments. However, given the presence of active exploits and the vulnerability being "In The Wild", organizations should prioritize patching. The associated CWE-502 highlights the dangers of insecure deserialization and the potential for severe system compromise. Ignoring this CVE could lead to unauthorized access and complete system control.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-13

2025-02-10
SOCRadar
AI Insight

Description:

CVE-2024-28986 is a Java Deserialization Remote Code Execution vulnerability in SolarWinds Web Help Desk. Exploitation allows attackers to execute commands on the host machine. Despite being initially reported as unauthenticated, SolarWinds has been unable to reproduce it without authentication. However, a patch is available and recommended for all Web Help Desk customers.

Key Insights:

  • SVRS Score: 40, indicating a moderate risk.
  • Threat Actors/APT Groups: Not specified.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: CISA has issued a warning, calling for immediate action.
  • In The Wild: The vulnerability is actively exploited by hackers.

Mitigation Strategies:

  • Apply the patch released by SolarWinds.
  • Implement network segmentation to limit the impact of potential exploitation.
  • Use a web application firewall (WAF) to block malicious requests.
  • Regularly monitor logs for suspicious activity.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | https://www.cisa.gov/search?g=CVE-2024-28986 | 2024-08-15

News

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) - Help Net Security
2024-08-15
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) - Help Net Security | News Content: SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available,” the company advises. About CVE-2024-28986 SolarWinds Web Help Desk is a web-based
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited - Help Net Security
2024-08-25
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited - Help Net Security | News Content: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. New Chrome zero
Critical SolarWinds bug requires immediate patching due to active exploitation - Techzine Europe
2024-08-19
Critical SolarWinds bug requires immediate patching due to active exploitation - Techzine Europe | News Content: Hackers are actively exploiting a critical vulnerability in SolarWinds’ Web Help Desk software. This allows them to remotely execute malicious code on affected servers. The vulnerability, known as CVE-2024-28986, scores a whopping 9.8 out of 10 on the CVSS Severity Scale. It involves a Java deserialization bug. SolarWinds has released a patch and urges all users to apply it immediately to secure their systems. There was no initial evidence that the vulnerability was being exploited in the wild. Nevertheless, SolarWinds recommended applying the patch
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions - BleepingComputer
2024-08-14
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions - BleepingComputer | News Content: A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization that would allow an attacker to run commands on a vulnerable host machine. Web Help Desk (WHD) is an IT help desk software that centralizes, automates, and streamlines help desk management tasks. It is
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions - BleepingComputer
2024-08-14
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions - BleepingComputer | News Content: By Bill Toulas 11:22 AM A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization that would allow an attacker to run commands on a vulnerable host machine. Web Help Desk (WHD) is an IT help desk software that centralizes, automates, and streamlines
SolarWinds patches critical RCE vulnerability in its Web Help Desk - scworld.com
2024-08-16
SolarWinds patches critical RCE vulnerability in its Web Help Desk - scworld.com | News Content: Administrators ready to take an early weekend have been served with what might be the scariest three words in IT: Critical SolarWinds Vulnerability. The IT services provider said that a vulnerability in its Web Help Desk (WHD) offering could potentially allow an attacker to achieve remote code execution and take over a vulnerable system without authentication. Labeled CVE-2024-28986, the flaw is down to a Java deserialization vulnerability. An attacker with access to the WHD application can send malicious commands to the target system and achieve
SolarWinds patches critical RCE vulnerability in its Web Help Desk | SC Media - scworld.com
2024-08-16
SolarWinds patches critical RCE vulnerability in its Web Help Desk | SC Media - scworld.com | News Content: Administrators ready to take an early weekend have been served with what might be the scariest three words in IT: Critical SolarWinds Vulnerability. The IT services provider said that a vulnerability in its Web Help Desk (WHD) offering could potentially allow an attacker to achieve remote code execution and take over a vulnerable system without authentication. Labeled CVE-2024-28986, the flaw is down to a Java deserialization vulnerability. An attacker with access to the WHD application can send malicious commands to the target system

Social Media

CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024: A critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention. Affected Platform The security… https://t.co/E2Hi7iJ1qK https://t.co/q3L2F1kH2O
Actively exploited CVE : CVE-2024-28986
The latest update for #ArcticWolf includes "CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk". #cybersecurity #infosec #networks https://t.co/yhyVljouXr
Reported a critical vulnerability to SolarWinds on Friday after digging into the recent CISA KEV CVE-2024-28986 for WebHelpDesk, amazed they’ve already shipped a patch 4 days later! https://t.co/heOj7y3JdM Will release some details next month.
On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). Find Arctic Wolf's recommendations here: #EndCyberRisk https://t.co/ACL6qjATip
Warning: New vulnerability (#CVE-2024-28986) affecting @solarwinds Web Help Desk has been discovered, allowing Java Deserialization Remote Code Execution #RCE on the host machine if exploited. Do not forget to #Patch #Patch #Patch https://t.co/0pcAON2nvT
According to @CISACyber SolarWinds CVE-2024-28986 is actively exploited We added Internet exposed SolarWinds Web Help Desk instances to our daily Device ID reports -https://t.co/1uPaaDBimE 812 found on 2024-08-18, 527 in the US Exposure by country: https://t.co/bL9YtDxtK4 https://t.co/zJ35Q2Zh0o
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) https://t.co/S5FI87y4Jp https://t.co/PGo5no6xo7
@CISACyber Well, at least my vintage Windows 95 is safe from CVE-2024-28986! #RetroSecurity 🤓🖥️
🚨Critical SolarWinds Web Help Desk vulnerability (CVE-2024-28986) exploited in the wild! Remote code execution possible—patch now.⚠️ CISA mandates federal agencies to fix by Sept 5. #CyberSecurity #ZeroDay #SolarWinds https://t.co/KlEMIwdHAf

Affected Software

Configuration 1
Type | Vendor | Product
App | Solarwinds | web_help_desk

References

Reference | Link
[email protected] | https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
[email protected] | https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986

CWE Details

CWE ID | CWE Name | Description
CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
