CVE-2024-28986
Published: 13 August 2024
Summary
CVE-2024-28986 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
SolarWinds Web Help Desk contains a Java deserialization vulnerability tracked as CVE-2024-28986 that permits remote code execution on the underlying host. The flaw stems from unsafe handling of serialized Java objects and is assigned CWE-502 along with a CVSS 3.1 score of 9.8, reflecting a network-accessible attack vector, low attack complexity and no required user interaction.
An unauthenticated attacker could supply a malicious serialized payload to execute arbitrary commands on the server. Although SolarWinds was unable to reproduce the issue without valid credentials during internal testing, the vendor still treats the vector as potentially unauthenticated and therefore recommends immediate remediation for all deployments.
The official SolarWinds advisory directs customers to apply Web Help Desk 12.8.3 Hotfix 1, available from the vendor support portal. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed.
The associated EPSS score currently stands at 0.8024 with a recorded peak of 0.8419, indicating sustained and elevated exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26048
Vulnerability details
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
- CWE(s): CWE-502
- KEV Date Added: 15 August 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely application of the vendor patch (WHD 12.8.3 Hotfix 1) that eliminates the deserialization flaw.
- SI-10 (Information Input Validation): Mandates validation of all input before deserialization, blocking malicious serialized objects that lead to RCE.
- Enforces authentication and authorization checks on the Web Help Desk interface, limiting reachability of the vulnerable endpoint.
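As an added defensive illustration of the SI-10 control above (example code written for this page, not SolarWinds or Web Help Desk code), the snippet below gates Java's ObjectInputStream with a JEP 290 allowlist filter so that any serialized class the application does not expect is rejected before its readObject() ever runs. The allowed class list and size limits are hypothetical values chosen for the demo.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.HashMap;

// Added example: validate untrusted serialized input before deserialization.
public class DeserializationGate {

    // Allowlist pattern (JEP 290 syntax): only the classes this service expects,
    // plus hard limits on object-graph depth, size and reference count.
    // The trailing "!*" rejects every class not listed. The list is hypothetical.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=5;maxbytes=65536;maxrefs=100;"
        + "java.lang.String;java.lang.Number;java.lang.Integer;java.util.ArrayList;!*");

    // Deserialize bytes from an untrusted source; the filter is consulted for each
    // class descriptor before the class is resolved, so a disallowed gadget class
    // raises InvalidClassException instead of being instantiated.
    public static Object readChecked(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    // Helper that produces serialized bytes; it stands in for network input in the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Expected payload: a list of integers, every class of which is allowlisted.
        ArrayList<Integer> expected = new ArrayList<>();
        expected.add(42);
        System.out.println("allowed: " + readChecked(serialize(expected)));

        // Unexpected class (HashMap here; any non-listed class behaves the same):
        // rejected by the filter before its readObject() runs.
        try {
            readChecked(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Requires Java 9 or later; in production the same allowlist can be applied JVM-wide with the jdk.serialFilter system property so that no ObjectInputStream in the process is left unfiltered.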