CISA Warns Hackers Actively Exploiting Critical SolarWinds Web Help Desk Flaw

U.S. cybersecurity officials say attackers are already abusing a critical SolarWinds vulnerability to remotely seize systems, urging organizations worldwide to patch immediately.

Cybersecurity officials in the federal government have raised the alarm regarding a serious security flaw in SolarWinds Web Help Desk software, reporting that threat actors are actively exploiting this flaw and advising organizations to take immediate action. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) placed the flaw into its Known Exploited Vulnerabilities ('NVE') database, a list of confirmed real-world attacks, which mandates accelerated urgency to resolve the problem.

This vulnerability, designated CVE-2024-28987 and rated a CVSS of 9.8, allows unapproved attackers to execute arbitrary code on certain unsupported Web Help Desk systems. This means a malicious entity could likely retain full control of these computer systems used widely in IT management, ticketing management, and asset management workflows in both public and private sector industries.

According to CISA, the vulnerability is caused by the software's architecture failing to adequately validate input, thereby allowing an individual to inject and execute code without the need for credentials, which applies to the Remote Code Execution ('RCE') function and also expands the attack surface of the domain significantly, making systems exposed to the internet easier to compromise by attackers outside the network.

The timing of this alert is especially significant given SolarWinds’s past with supply chain attacks that affected over 17,000 customers previously; although this vulnerability is indeed not the same as those vulnerabilities found in previous attacks.

Even though this vulnerability is unrelated to the previous SolarWinds attack on their supply-chain, the timing is important and indicates that adversaries continue to target enterprise IT management platforms because they have significant privileges in an organization's infrastructure.

SolarWinds has provided security updates for their vulnerability in newer releases of Web Help Desk and encourages all customers to upgrade as soon as possible. Security experts recommend that organizations enhance their monitoring of networks and critical systems, segment critical systems, and perform forensic investigations of systems that may have been compromised prior to applying patches.