Warning: Critical Vulnerability In SolarWinds Web Help Desk Allows For Remote Code Execution, Patch Immediately!

Published: 19/08/2024

Reference:
Advisory #2024-203

Version:
1.0

Affected software:
SolarWinds Web Help Desk v12.8.3

Type:
Java Deserialization Remote Code Execution

CVE/CVSS:
CVE-2024-28986: CVSS v3 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

SolarWinds: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986

Risks

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.

The vulnerability has a high impact on confidentiality, integrity, and availability.

Description

While it is reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, SolarWinds recommends all Web Help Desk customers apply the patch, which is now available.

This vulnerability requires no user interaction and no privileges (according to the reporting entity), making it easily exploitable. Successful exploitation could allow an attacker to execute arbitrary commands on the host machine, potentially leading to full system compromise, data theft, or service disruption.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. A patch is now available for this vulnerability. SolarWinds recommends all Web Help Desk customers apply the patch. The patch is available for versions up to and including 12.8.3.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and to ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

SolarWinds: https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1