SolarWinds Web Help Desk Flaw Allows Remote Code Execution

The hotfix resolves two critical security vulnerabilities in the SolarWinds Web Help Desk by addressing a remote code execution vulnerability that was previously patched in WHD 12.8.3 Hotfix 1, and it fixes a hardcoded credential vulnerability that could have compromised user credentials. 

It also restores the product functionality that was affected by the previous patch, ensuring that the software operates as intended while remaining secure.

This hotfix addresses a range of critical security vulnerabilities in the SolarWinds Web Help Desk by patching hardcoded credentials, enhancing SSO functionality, and restoring missing buttons in the client application. 

In addition, it incorporates fixes from a previous hotfix, one of which is a remedy for a vulnerability that allows remote code execution. 

SolarWinds Web Help Desk is vulnerable to a Java Deserialization Remote Code Execution attack, where an attacker could exploit this vulnerability to execute arbitrary code on the affected system. 

Although SolarWinds could not reproduce the attack without authentication, it recommends applying the patch as a precaution; the patch is available for Web Help Desk 12.8.3 Hotfix 1.

The SolarWinds Web Help Desk (WHD) software contains a hardcoded credential vulnerability, which means that an attacker can access the software's internal functions and change data without needing to log in.

This is a serious security flaw that could be exploited to steal sensitive information or disrupt the system. SolarWinds has released a hotfix (12.8.3 Hotfix 2) to address this issue.

The hotfix introduces security enhancements to WebHelpDesk by adding a new JAR file, whd-security.jar, to the Tomcat library directory and modifying the whd-core.jar and whd-web.jar files in the web application’s WEB-INF/lib directory. 

The tomcat_server_template.xml file in the WebHelpDesk configuration directory must also be edited manually. Together, these changes strengthen the security posture of the WebHelpDesk application.

The hotfix is compatible with Web Help Desk versions 12.8.3.1813 and 12.8.3 HF1. The installation directory for Web Help Desk varies by operating system: macOS (/Library/WebHelpDesk), Windows (\Program Files\WebHelpDesk), and Linux (/usr/local/webhelpdesk).

According to SolarWinds, the CVE-2024-28987 vulnerability can be mitigated by installing a hotfix for Web Help Desk, which includes a new whd-security.jar file that should be copied to the /lib directory. 

The whd-core.jar and whd-web.jar files located in the /lib directory should be backed up and then replaced with the new versions included in the hotfix.

The tomcat_server_template.xml file needs to be modified to include a new SecurityValve element with the appropriate GET and POST request patterns. Once these steps are completed, the Web Help Desk can be restarted to apply the changes and protect against the vulnerability.

To uninstall the hotfix, first stop Web Help Desk. Then, navigate to the WebHelpDesk/bin/webapps/helpdesk/WEB-INF/lib directory and replace the whd-core.jar and whd-web.jar files with their backup copies.

Finally, go to the WebHelpDesk/conf directory and overwrite the tomcat_server_template.xml file with its backup, and restart the Web Help Desk to complete the hotfix uninstallation process.
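The install and rollback steps above can be audited after the fact. The shell function below is an added example, not SolarWinds code or part of the original article; it checks each step using the directory paths given in the uninstall instructions. The backup directory argument and the plain-text match on SecurityValve are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): audit the hotfix steps the article lists.
# Usage: sh check_whd_hotfix.sh INSTALL_ROOT BACKUP_DIR
# BACKUP_DIR is an assumption: wherever the admin saved the pre-hotfix files.
check_whd_hotfix() {
    root=$1 backup=$2
    lib="$root/bin/webapps/helpdesk/WEB-INF/lib"
    template="$root/conf/tomcat_server_template.xml"
    failed=0

    report() {  # report STATUS MESSAGE; counts FAIL results
        echo "$1 $2"
        if [ "$1" = FAIL ]; then failed=$((failed + 1)); fi
    }

    # Step 1: whd-security.jar added. The article only says "Tomcat library
    # directory", so search the tree instead of assuming an exact path.
    if [ -n "$(find "$root" -type f -name whd-security.jar 2>/dev/null)" ]; then
        report OK "whd-security.jar present"
    else
        report FAIL "whd-security.jar not found under $root"
    fi

    # Step 2: both JARs replaced, with backups kept for the uninstall procedure.
    for jar in whd-core.jar whd-web.jar; do
        if [ ! -f "$lib/$jar" ]; then
            report FAIL "$jar missing from $lib"
        elif [ ! -f "$backup/$jar" ]; then
            report FAIL "no backup of $jar in $backup"
        elif cmp -s "$lib/$jar" "$backup/$jar"; then
            report FAIL "$jar is identical to its backup (not replaced)"
        else
            report OK "$jar replaced, backup kept"
        fi
    done

    # Step 3: template edited to reference SecurityValve, backup kept.
    if [ ! -f "$backup/tomcat_server_template.xml" ]; then
        report FAIL "no backup of tomcat_server_template.xml in $backup"
    elif grep -q 'SecurityValve' "$template" 2>/dev/null; then
        report OK "SecurityValve referenced in tomcat_server_template.xml"
    else
        report FAIL "SecurityValve not found in $template"
    fi
    [ "$failed" -eq 0 ]   # exit status: 0 only if every check passed
}

if [ "$#" -eq 2 ]; then check_whd_hotfix "$1" "$2"; fi
```

A text match on SecurityValve does not prove the element is active (it could sit inside an XML comment), so an OK on step 3 is a prompt to read the file, not a substitute for it.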

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.