Cyber Resilience

CVE-2024-28986

Critical · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 13 August 2024
Modified: 27 October 2025
KEV Added: 15 August 2024
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8024 (99.1th percentile)
Risk Priority: 88 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-28986 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SolarWinds Web Help Desk. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

SolarWinds Web Help Desk contains a Java deserialization vulnerability tracked as CVE-2024-28986 that permits remote code execution on the underlying host. The flaw stems from unsafe handling of serialized Java objects and is assigned CWE-502 along with a CVSS 3.1 score of 9.8, reflecting a network-reachable attack vector, low attack complexity, no privileges required and no user interaction.

An unauthenticated attacker could supply a malicious serialized payload to execute arbitrary commands on the server. Although SolarWinds was unable to reproduce the issue without valid credentials during internal testing, the vendor still treats the vector as potentially unauthenticated and therefore recommends immediate remediation for all deployments.

The official SolarWinds advisory directs customers to apply Web Help Desk 12.8.3 Hotfix 1, available from the vendor support portal. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed.

The associated EPSS score currently stands at 0.8024 with a recorded peak of 0.8419, indicating sustained and elevated exploitation interest following disclosure.

EU & UK References

Vulnerability details

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

CWE(s): CWE-502 (Deserialization of Untrusted Data)
KEV Date Added: 15 August 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: SolarWinds
Product: Web Help Desk
Versions: 12.8.3 · ≤ 12.8.2

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2, Flaw Remediation): Directly requires timely application of the vendor patch (WHD 12.8.3 Hotfix 1) that eliminates the deserialization flaw.

Prevent (SI-10, Information Input Validation): Mandates validation of all input before deserialization, blocking malicious serialized objects that lead to RCE.

Prevent: Enforces authentication and authorization checks on the Web Help Desk interface, limiting reachability of the vulnerable endpoint.
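To make the CWE-502 flaw described in the analysis and the SI-10 control above concrete, here is an added example (written for this page, not SolarWinds' or Web Help Desk's code) that places an unfiltered readObject() call beside the JEP 290 allowlist filter that validates every class before it is instantiated; the TicketUpdate type and the class names are hypothetical.

```java
import java.io.*;
import java.util.HashMap;

public class DeserializationFilterDemo {
    // Hypothetical message type the application expects on this endpoint.
    static final class TicketUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final String ticketId;
        final int priority;
        TicketUpdate(String ticketId, int priority) { this.ticketId = ticketId; this.priority = priority; }
    }

    // Vulnerable pattern: the stream names the class, which is instantiated (running any
    // readObject()/readResolve() hooks) before the caller can check what it received.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }
    // Hardened pattern (JEP 290, Java 9+): an allowlist filter is consulted for every class
    // resolved from the stream, so unexpected types are rejected before instantiation
    // (java.lang.String is listed for the String field; "!*" rejects everything else).
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$TicketUpdate;java.lang.String;!*");
    static TicketUpdate readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return (TicketUpdate) in.readObject();
        }
    }
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new TicketUpdate("T-1001", 2));
        // Constructed stand-in for an unexpected object type: a benign HashMap, not an exploit payload.
        byte[] unexpected = serialize(new HashMap<String, String>());
        System.out.println("unfiltered accepted: " + readUnfiltered(unexpected).getClass().getName());
        System.out.println("filtered accepted: " + readFiltered(expected).ticketId);
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The same allowlist can be applied process-wide through the jdk.serialFilter system property, which is the simpler control when the deserialization call sites are not under your control.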

References