Unauthenticated Access to Internal Functionality and Data via Hardcoded Credentials
CVE-2024-28987
Key Information:
- Vendor
- Solarwinds
- Status
- Vendor
- CVE Published:
- 21 August 2024
Badges
What is CVE-2024-28987?
CVE-2024-28987 is a vulnerability found in SolarWinds Web Help Desk (WHD), a software solution designed to streamline IT service management and support. This particular vulnerability arises from hardcoded credentials that allow remote, unauthenticated users to gain access to internal functions and sensitive data within the application. Consequently, organizations utilizing this software may face significant security risks, including unauthorized data manipulation and potential service disruptions.
Technical Details
The vulnerability stems from the implementation of hardcoded credentials within the SolarWinds Web Help Desk system. Attackers can exploit this flaw without authentication, enabling them to interact with secure internal functions of the software. This access can lead to unauthorized data modifications and exploitation of application logic, which can affect the integrity and availability of the service.
Impact of the Vulnerability
-
Data Breach: Unauthorized access to internal functionality allows attackers to retrieve and potentially alter sensitive data, leading to significant privacy and compliance violations for organizations.
-
Service Disruption: The ability to modify internal data can disrupt the operations of IT service management, compromising incident response capabilities and overall service quality.
-
Increased Attack Surface: The exploitation of this vulnerability can serve as a foothold for further attacks within an organization, expanding the risk of additional compromises across interconnected systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Web Help Desk 12.8.3 Hotfix 1 and previous versions
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation
CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.
4 months ago
Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released - Help Net Security
Hereβs an overview of some of last weekβs most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without
5 months ago
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) - Help Net Security
Details about and PoC exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability, are now public.
5 months ago
References
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- π‘
Public PoC available
- π
Vulnerability started trending
- πΎ
Exploit known to exist
- π°
First article discovered by CybersecurityNews
Vulnerability published