
SANS Internet Storm Center (SANS ISC) InfoSec Forums

SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5)

There is a SolarWinds security advisory for Unauthenticated Access in Web Help Desk (WHD) 12.7.5.

Summary

A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk (WHD) 12.7.5. The customer’s endpoint detection and response (EDR) system blocked the attack and alerted the customer to the issue.

SolarWinds is currently investigating this report. We have not been able to reproduce the scenario, and are working with the customer to further the investigation.

In an abundance of caution, SolarWinds recommends all Web Help Desk customers whose WHD implementation is externally facing to remove it from your public (internet-facing) infrastructure until we know more. If you are not able to remove it from your public infrastructure at this time, we recommend you ensure you have EDR software deployed, and are monitoring the WHD instance.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Mar 19th 2022
