Critical Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk

ISGroup Cybersecurity

A critical vulnerability has been identified in SolarWinds Web Help Desk (WHD), a popular service management software used by IT support teams. The flaw is currently being actively exploited, which is why it has been included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

ProductSolarWinds Web Help Desk
Date2024-10-17 12:38:15
Information
  • Fix Available
  • Active Exploitation

Technical Summary

CVE-2024-28987 allows unauthenticated remote attackers to access internal functionality using hardcoded credentials. This vulnerability enables attackers to modify data within the system, potentially resulting in data breaches or further malicious activity.

Recommendations

Apply the latest available patches immediately. Agencies must update to version 12.8.3 Hotfix 2 or higher by November 5, 2024, to secure their networks and prevent unauthorized access or data compromise.

[Callforaction-THREAT-Footer]