SolarWinds has announced critical patches for a newly discovered security vulnerability in its Web Help Desk (WHD) application. This flaw potentially allows remote, unauthorized users to access and modify data within vulnerable systems.
According to SolarWinds, the vulnerability, tracked as CVE-2024-28987, carries a CVSS score of 9.1 and is rated critical. It stems from hardcoded credentials that could let a remote attacker interact with internal functions of the WHD software. The flaw was discovered and reported by security researcher Zach Hanley of Horizon3.ai.
This disclosure follows closely on the heels of another severe vulnerability (CVE-2024-28986) identified in the same software, which had a CVSS score of 9.8 and allowed for the execution of arbitrary code. Reports indicate that this prior vulnerability is currently being exploited in the wild, as noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Organizations running WHD are advised to upgrade to version 12.8.3 Hotfix 2. Note that this hotfix can only be applied on top of version 12.8.3.1813 or 12.8.3 HF1. The update is urgent because the flaw is exploitable, although whether it is being abused in ongoing attacks is not yet known.
Details of CVE-2024-28987 are expected to be published next month, months after the earlier code execution flaw came to light. Applying the update promptly is therefore crucial to minimize exposure.
Horizon3.ai has published insights into CVE-2024-28987, emphasizing that the vulnerability permits unauthenticated attackers to not only read but also alter all help desk ticket information, which frequently includes sensitive data such as passwords and service account credentials. They have identified approximately 827 instances of SolarWinds Web Help Desk exposed to the internet, with concentrations in the U.S., France, Canada, China, and India.
When evaluating the exposure among their clients, researchers found that many organizations inadvertently disclosed sensitive information related to IT processes, including user onboarding procedures and password resets. Although this vulnerability may not fully compromise the WHD server, the risk of lateral movement using leaked credentials is particularly high, presenting significant implications for organizations’ overall cybersecurity posture.
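The risk described above is that help desk tickets themselves hold passwords and service account credentials, so a read-only flaw becomes a lateral-movement problem. A defensive follow-up is to audit a ticket export for such disclosures before an attacker does. The following is an added Python example, not code from the article, SolarWinds or Horizon3.ai; the ticket records are constructed sample data and the regexes are heuristic patterns chosen for illustration:

```python
import re
from dataclasses import dataclass

# Constructed sample tickets (hypothetical data, not taken from any real WHD instance).
SAMPLE_TICKETS = [
    {"id": 1001, "subject": "New hire onboarding - J. Doe",
     "body": "Created AD account jdoe. Temporary password: Welcome2024! Must change at first login."},
    {"id": 1002, "subject": "Printer jam, 3rd floor",
     "body": "Paper jam cleared, no further action."},
    {"id": 1003, "subject": "Service account for backup job",
     "body": "svc_backup created. pwd=B@ckup#9921 stored here for reference."},
    {"id": 1004, "subject": "VPN reset",
     "body": "Reset user's VPN; they will receive the new passphrase by phone."},
]

# Heuristic patterns for credential disclosure in free text (an assumption for this example).
# Each captures the secret value so it can be redacted in the report.
CREDENTIAL_PATTERNS = [
    ("password", re.compile(
        r"\b(?:temporary\s+)?(?:password|passwd|pwd)\s*(?:is|[:=])\s*(\S+)", re.I)),
    ("api_token", re.compile(
        r"\b(?:api[_-]?key|token|secret)\s*[:=]\s*([A-Za-z0-9_\-]{12,})", re.I)),
]


@dataclass(frozen=True)
class Finding:
    ticket_id: int
    kind: str
    redacted: str  # never store the cleartext secret in the audit report


def redact(value: str) -> str:
    """Keep the first two characters so an analyst can recognise the value."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_ticket(ticket: dict) -> list[Finding]:
    """Return one Finding per credential-looking string in a single ticket."""
    text = f"{ticket['subject']}\n{ticket['body']}"
    findings = []
    for kind, pattern in CREDENTIAL_PATTERNS:
        for match in pattern.finditer(text):
            findings.append(Finding(ticket["id"], kind, redact(match.group(1))))
    return findings


def scan_tickets(tickets: list[dict]) -> list[Finding]:
    """Scan an exported ticket list; tickets with no findings contribute nothing."""
    results = []
    for ticket in tickets:
        results.extend(scan_ticket(ticket))
    return results


if __name__ == "__main__":
    for f in scan_tickets(SAMPLE_TICKETS):
        print(f"ticket {f.ticket_id}: {f.kind} disclosed ({f.redacted})")
```

Tickets 1001 and 1003 are flagged while 1004, which only mentions a reset without the value, is not. In practice the flagged tickets should be edited or purged and the disclosed credentials rotated, since anything readable through the flaw must be treated as exposed.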