SolarWinds is warning customers that hackers could exploit a potential security vulnerability in its Internet-facing Web Help Desk application. Web Help Desk (WHD) is a ticketing and incident tracking software solution that enables customers to automate such tasks.
Attackers could exploit unpatched WHD instances to access environmental details about the Web Help Desk installation, according to the CVE-2021-35251 advisory. “A vulnerability has been found in SolarWinds Web Help Desk (the affected version is unknown) and classified as problematic,” SolarWinds said in the advisory. “This vulnerability affects an unknown functionality. The manipulation with an unknown input leads to an information disclosure vulnerability.”
An attack can be initiated remotely and no form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. SolarWinds didn’t say if the flaw could flow to its managed security service providers (MSSPs) or their customers.
Successful Attacks? None Are Known as So Far
At this point, only a single customer experienced an incident. The customer's endpoint detection and response (EDR) system reportedly blocked the attack and alerted the customer to the issue, SolarWinds said. (via BleepingComputer).
"We received a report from one customer about an attempted attack that was not successful," a SolarWinds spokesperson told BleepingComputer. "While we are investigating this matter, we have also alerted other customers about this potential issue out of an abundance of caution. At this point, we have no reason to believe other customers were impacted."
SolarWinds advised its WHD customers using an internet-facing solution to remove it "until we know more.”
Help Desk Software, MSPs and SolarWinds
Hackers frequently target help desk software because such systems can be a doorway into service provider databases and perhaps even a pipeline out to multiple end-customer systems. Still, there's no evidence that such a scenario has unfolded here with the Web Help Desk issue.
Meanwhile, SolarWinds and its customer base remain keenly aware of cybersecurity risks -- especially after the SolarWinds Orion hack was discovered in December 2020. A few months after that hack was disclosed, SolarWinds spun off its N-able software business for MSPs. N-able's software was not impacted by the Orion breach.