Security News > 2022 > March > SolarWinds warns of attacks targeting Web Help Desk instances
SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk instances and advised removing them from publicly accessible infrastructure.
"A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk 12.7.5. The customer's endpoint detection and response system blocked the attack and alerted the customer to the issue," SolarWinds said.
"In an abundance of caution, SolarWinds recommends all Web Help Desk customers whose WHD implementation is externally facing to remove it from your public infrastructure until we know more."
Customers who cannot immediately remove WHD instances from Internet-exposed servers are advised to deploy EDR software and monitor them for attack attempts.
"We received a report from one customer about an attempted attack that was not successful," a SolarWinds spokesperson told BleepingComputer.
As detailed in the CVE-2021-35251 advisory, attackers could exploit unpatched WHD instances to access environmental details about the Web Help Desk installation, which might make abusing the other three security bugs easier.
News URL
Related news
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-35251 | Information Exposure Through an Error Message vulnerability in Solarwinds web Help Desk Sensitive information could be displayed when a detailed technical error message is posted. | 5.0 |