CVSS 9.8 CRITICAL
The severity is CRITICAL due to the pre-authentication RCE vulnerability, which allows full compromise of the system without needing any credentials. This issue has high real-world exploitability and requires immediate attention.

SolarWinds Web Help Desk is vulnerable to a pre-authentication remote code execution (RCE) chain, allowing attackers to execute arbitrary commands on the server. This impacts system integrity and confidentiality as unauthorized users can gain control over the help desk software.

Affected Systems
  • SolarWinds Web Help Desk
Affected Versions: All versions before 16.0.3
Remediation
  • Upgrade to SolarWinds Web Help Desk version 16.0.3 or later using the official installation package from SolarWinds.
  • Review system logs for any signs of unauthorized access or command execution.
Stack Impact

This issue affects services running on SolarWinds Web Help Desk but does not directly impact nginx, docker, linux kernel, openssh, curl, openssl, python, or other homelab components unless they are indirectly affected by the compromised help desk system.
