SolarWinds Web Help Desk Hit by Critical Vulnerability (CVE-2024-28987)
SolarWinds has issued an urgent security advisory for its Web Help Desk (WHD) software, warning of a critical hardcoded credential vulnerability (CVE-2024-28987) that poses a significant risk to organizations using the popular IT help desk management tool. With a CVSS score of 9.1, this vulnerability could allow remote, unauthenticated attackers to access internal functionality and modify data, potentially leading to severe security breaches.
CVE-2024-28987 is a hardcoded credential vulnerability within the SolarWinds Web Help Desk software, which centralizes and automates help desk management tasks for a wide range of industries, including large corporations, government agencies, healthcare institutions, educational organizations, and customer support centers. The flaw allows unauthorized remote access to critical internal functions, enabling attackers to potentially disrupt operations, steal sensitive data, or escalate their attacks within the targeted network.
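As an added illustration of the vulnerability class the advisory describes (this is not SolarWinds code and does not reflect how Web Help Desk is implemented), the Python below shows a service account whose credential is baked into the source, the hardened form that loads a per-deployment secret hash from the environment and compares it in constant time, and a small heuristic scanner a reviewer can run over a code base to flag credential-looking string literals. All function names, environment variable names and sample values are constructed for the example.

```python
"""
Hardcoded-credential anti-pattern beside a hardened form, plus a heuristic
source scanner for review triage. Illustrative only: not SolarWinds code.
"""
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple


# --- Anti-pattern: the secret lives in the shipped artifact -----------------
# Anyone who can read the build (an installer, a container layer, a public
# repository) now holds a valid credential for every deployment at once,
# which is what makes a hardcoded credential remotely exploitable.
SERVICE_USER = "svc-helpdesk"          # constructed example value
SERVICE_PASSWORD = "ChangeMe123!"      # constructed example value


def authenticate_hardcoded(user: str, password: str) -> bool:
    # Plain '==' is also not constant time, a secondary weakness.
    return user == SERVICE_USER and password == SERVICE_PASSWORD


# --- Hardened form: per-deployment secret, stored only as a hash --------------
# Environment variable names below are assumptions for this example; in
# production the hash would normally come from a secret manager.
def make_env(user: str, secret: str) -> dict:
    """Provision a deployment: store the service user and a SHA-256 of a
    randomly generated, high-entropy service secret. (Human-chosen passwords
    would need a slow KDF such as PBKDF2 instead of a bare hash.)"""
    return {
        "HELPDESK_SERVICE_USER": user,
        "HELPDESK_SERVICE_PW_SHA256": hashlib.sha256(secret.encode("utf-8")).hexdigest(),
    }


def _load_expected_hash(env) -> Optional[bytes]:
    """Return the provisioned secret hash, or None if it is missing/malformed."""
    hex_digest = env.get("HELPDESK_SERVICE_PW_SHA256")
    if not hex_digest:
        return None
    try:
        return bytes.fromhex(hex_digest)
    except ValueError:
        return None


def authenticate_hardened(user: str, password: str, env=None) -> bool:
    env = os.environ if env is None else env
    expected = _load_expected_hash(env)
    if expected is None:
        # Fail closed: an unprovisioned service account never authenticates.
        return False
    presented = hashlib.sha256(password.encode("utf-8")).digest()
    expected_user = env.get("HELPDESK_SERVICE_USER", "").encode("utf-8")
    # compare_digest runs in constant time, so a wrong guess does not reveal
    # how many leading bytes matched.
    user_ok = hmac.compare_digest(user.encode("utf-8"), expected_user)
    return user_ok and hmac.compare_digest(presented, expected)


# --- Review aid: flag string literals assigned to credential-like names -------
_CREDENTIAL_ASSIGNMENT = re.compile(
    r"""(?i)(pass(word|wd)?|secret|api[_-]?key|token)\w*\s*[:=]\s*["']([^"']{4,})["']"""
)


def find_hardcoded_credentials(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for lines that assign a quoted literal to a
    credential-looking name. Heuristic: meant to shortlist lines for review,
    not to prove a secret is present."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _CREDENTIAL_ASSIGNMENT.search(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed sample source to scan; line 3 reads from the environment and
# line 5 only mentions the word inside a string, so neither should be flagged.
SAMPLE_SOURCE = '''\
db_host = "localhost"
SERVICE_PASSWORD = "ChangeMe123!"
api_key = os.environ["API_KEY"]
token: "deadbeefcafe"
note = "password rotated"
'''

if __name__ == "__main__":
    env = make_env("svc-helpdesk", "constructed-high-entropy-secret")
    print("hardcoded login:", authenticate_hardcoded("svc-helpdesk", "ChangeMe123!"))
    print("hardened login :", authenticate_hardened("svc-helpdesk", "constructed-high-entropy-secret", env))
    for lineno, line in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"review line {lineno}: {line}")
```

The scanner deliberately stays simple; its value is in running it over a release candidate before shipping, so that a credential that was meant for a test fixture is caught before it becomes a fleet-wide secret.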
Given the widespread use of WHD in handling sensitive support tickets, customer information, and internal IT operations, the implications of this vulnerability are far-reaching. Organizations relying on SolarWinds WHD are advised to take immediate action to mitigate the risks associated with this flaw.
In response to this discovery, SolarWinds has released a critical hotfix—SolarWinds Web Help Desk 12.8.3 Hotfix 2—which addresses both CVE-2024-28987 and another recently patched vulnerability, CVE-2024-28986. The latter, a Java deserialization vulnerability, was patched last week and has already been exploited in the wild to achieve remote code execution on vulnerable servers.
The Cybersecurity and Infrastructure Security Agency (CISA) has also issued a warning regarding the exploitation of vulnerabilities in SolarWinds’ Web Help Desk solution. The rapid pace at which threat actors have moved to exploit CVE-2024-28986 underscores the urgency of addressing these vulnerabilities. With the discovery of CVE-2024-28987, the potential for damaging attacks has only increased, making it crucial for organizations to act quickly.
To safeguard their systems, SolarWinds strongly recommends that all Web Help Desk customers upgrade to the latest release and apply the hotfix without delay. The hotfix is compatible with Web Help Desk versions 12.8.3.1813 and 12.8.3 HF1, but administrators must manually add and modify specific files to ensure the patch is properly applied. SolarWinds has published a detailed support article outlining the steps necessary to apply and, if needed, remove the hotfix.