The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Tuesday the addition of a serious vulnerability affecting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes amid indications of active exploitation of the flaw.
Tracked as CVE-2024-28987, the vulnerability carries a CVSS score of 9.1. It stems from hard-coded credentials in the product, which an attacker could use to gain unauthorized access and, from there, modify data and system functionality.
CISA provided insights into the vulnerability, stating that “SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.” Such access could have significant ramifications for organizations using this software, as it potentially opens the door to unauthorized data manipulation.
The first disclosures regarding this vulnerability were made by SolarWinds in late August 2024, followed by further technical details released by cybersecurity firm Horizon3.ai a month later. The implications of this vulnerability have raised concerns among cybersecurity experts, particularly given its capability to allow unauthorized entities to access and manipulate sensitive help desk ticket information, which may include credentials from password reset requests.
At this time, specific exploitation techniques being employed in real-world scenarios remain unclear, along with the identities of the attackers. Notably, this revelation follows closely on the heels of CISA’s earlier addition of another significant flaw in the same software (CVE-2024-28986, CVSS score: 9.8) to the KEV catalog two months prior.
In light of the active exploitation of this vulnerability, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies adopt the latest patches (version 12.8.3 Hotfix 2 or later) by November 5, 2024. This directive underscores the urgency of addressing security weaknesses to protect sensitive data and infrastructure.
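A defender's first step after a KEV addition is to find every WHD instance still below the fixed build. The following inventory triage script is an added example, not code from SolarWinds, CISA or the original article; it assumes version strings are recorded in the "12.8.3 Hotfix 2" style used in the directive and that hotfix numbers are cumulative, and the hostnames in the sample inventory are constructed.

```python
import re
from typing import Iterable, Optional, Tuple

# Minimum fixed build named in the CISA directive: 12.8.3 Hotfix 2
PATCHED_VERSION = "12.8.3 Hotfix 2"

# Assumed shape: dotted numeric version, optionally followed by "Hotfix N" or "HF N".
_VERSION_RE = re.compile(
    r"^\s*(?P<nums>\d+(?:\.\d+)*)\s*(?:(?:hotfix|hf)\s*(?P<hf>\d+))?\s*$",
    re.IGNORECASE,
)

def parse_whd_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '12.8.3 Hotfix 2' into a comparable tuple (12, 8, 3, 2).
    The dotted part is padded to three components; a missing hotfix counts as 0.
    Returns None when the string does not match the assumed format."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    nums = [int(p) for p in m.group("nums").split(".")]
    nums = (nums + [0, 0, 0])[:3]
    hotfix = int(m.group("hf")) if m.group("hf") else 0
    return tuple(nums) + (hotfix,)

def is_patched(version: str, minimum: str = PATCHED_VERSION) -> Optional[bool]:
    """True if version >= minimum, False if older, None if unparsable."""
    v, m = parse_whd_version(version), parse_whd_version(minimum)
    if v is None or m is None:
        return None
    return v >= m

def triage_inventory(rows: Iterable[Tuple[str, str]]) -> dict:
    """Map each (hostname, version) pair to 'patched', 'VULNERABLE' or 'unknown'
    so unparsable entries get a manual check instead of silently passing."""
    result = {}
    for host, ver in rows:
        state = is_patched(ver)
        result[host] = "unknown" if state is None else ("patched" if state else "VULNERABLE")
    return result

# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = [
    ("whd-prod-01", "12.8.3 Hotfix 2"),
    ("whd-prod-02", "12.8.3 Hotfix 1"),
    ("whd-dev-01", "12.8.3"),
    ("whd-legacy", "12.7.0"),
    ("whd-test", "12.8.3 HF 3"),
    ("whd-broken", "n/a"),
]

if __name__ == "__main__":
    for host, state in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {state}")
```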
Mapped to attack tactics, the flaw most plausibly serves initial access: the hard-coded credentials let an adversary bypass authentication outright. Privilege escalation techniques may also apply post-exploitation, if attackers use that foothold to elevate their permissions.
For organizations running WHD, the practical takeaway is straightforward: confirm which instances are exposed, apply the fixed build promptly, and keep tracking vulnerabilities in this product, which has now had two critical flaws added to the KEV catalog within two months.