Attackers Targeting Unpatched SolarWinds WHD Instances

SolarWinds has issued a warning to its customers about attacks on Web Help Desk (WHD) instances that are exposed to the internet. The company recommended removing instances from publicly accessible infrastructure.

The attacks are still happening.

One of SolarWinds’ customers identified an attempted attack on a WHD 12.7.5 instance, according to the company.

The attack was blocked by the customer’s EDR system, which alerted them to the problem.

Furthermore, although it has been unable to reproduce the event, the company is working with the customer to investigate the report.

Instances of WHD with flaws

SolarWinds did not give any details about the tools or methodology used in the attack. In unpatched WHD instances, however, there are four known security flaws that an attacker might exploit.

The first flaw is a Business Logic Bypass Vulnerability (CVE-2021-32076), which was fixed in WHD 12.7.6.

The second issue (CVE-2021-35243) is an enabled HTTP PUT & DELETE Methods flaw, which was patched in WHD 12.7.7 Hotfix 1.

The third vulnerability is related to hard-coded credentials that allow arbitrary HSQL queries to be executed (CVE-2021-35232), which was patched in WHD 12.7.7 Hotfix 1.

The final vulnerability is a Sensitive Data Disclosure Vulnerability (CVE-2021-35251), which was patched in WHD 12.7.8.

On unpatched WHD instances, an attacker could use CVE-2021-35251 to gain access to details about the system and exploit the other three security issues.
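To triage an inventory against the four fixes listed above, the following added example (not code from SolarWinds or from this article) parses a WHD version string and reports which of those CVEs are still unpatched. The accepted version-string shapes ("12.7.7 Hotfix 1", "12.7.7 HF1") and the sample hostnames are assumptions made for illustration.

```python
import re

# Fixed-in releases as stated in the article: (major, minor, patch, hotfix).
FIXED_IN = {
    "CVE-2021-32076": (12, 7, 6, 0),  # business logic bypass
    "CVE-2021-35243": (12, 7, 7, 1),  # HTTP PUT & DELETE methods enabled
    "CVE-2021-35232": (12, 7, 7, 1),  # hard-coded credentials / HSQL queries
    "CVE-2021-35251": (12, 7, 8, 0),  # sensitive data disclosure
}

# Assumed version-string shapes: "12.7.5", "12.7.7 Hotfix 1", "12.7.7 HF1".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*(?:hotfix|hf)\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (major, minor, patch, hotfix); raise ValueError if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised WHD version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def unpatched_cves(version_text):
    """List the article's CVEs whose fix is newer than the given version."""
    version = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)

def triage(inventory):
    """Map host -> unpatched CVEs; unparseable versions are flagged, not skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = unpatched_cves(version_text)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    inventory = {
        "whd-a.example.internal": "12.7.5",
        "whd-b.example.internal": "12.7.7",
        "whd-c.example.internal": "12.7.7 Hotfix 1",
        "whd-d.example.internal": "12.7.8",
        "whd-e.example.internal": "unknown",
    }
    for host, cves in triage(inventory).items():
        print(f"{host}: {', '.join(cves) if cves else 'all four fixed'}")
```

A host reported as `UNKNOWN-VERSION` should be checked by hand rather than assumed patched.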

Words of Warning

SolarWinds recommends that all customers with an externally facing implementation take WHD off the internet.

Users who are unable to remove WHD instances from internet-exposed systems should install EDR software and monitor them for attack attempts, according to SolarWinds.

Notes at the end

Even though the latest attack failed, customers that have an unpatched WHD instance are still at risk. As a result, users should apply the updates as soon as possible to address the exploited issues. Additionally, for better protection, always use a reputable anti-malware solution.