Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out.
CVE-2024-28987 stems from Web Help Desk having hardcoded credentials that can be misused by remote unauthenticated users to access internal functionality and modify data.
The vulnerability was reported by Horizon3.ai vulnerability researcher Zach Hanley after digging into CVE-2024-28986, which – according to the US Cybersecurity and Infrastructure Security Agency – is being actively exploited by attackers.
Web Help Desk 12.8.3 Hotfix 2 – the fix that addresses CVE-2024-28987 – also includes the fixes from the previous hotfix (for CVE-2024-28986), more patterns to fix an SSO issue, and solves a bug that stripped the Upload Attachments, Cancel, and Save buttons from the client application.
Admins are advised to implement the latest hotfix as soon as possible. Instructions on how to do it – as some manual tweaking is required – are included in the knowledge base article.
Requests to non-existent pages on vulnerable instances return the default login page, Hanley explained. “Patched instances will return no content / content-length 0.”
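The patch-status check Hanley describes, as an added example for verifying your own WHD instances (not code from the article, Horizon3.ai or SolarWinds); the probe path and the login-page markers are assumptions, since the article names neither:

```python
"""Patch-status heuristic for SolarWinds Web Help Desk (CVE-2024-28987).

Encodes the observation quoted in the article: an unpatched instance answers
a request for a non-existent page with its default login page, a patched one
returns an empty body (Content-Length: 0). Run only against hosts you manage.
"""
import sys
import urllib.request
from urllib.error import HTTPError

# Assumption: a path that does not exist in WHD (placeholder, not from the article).
PROBE_PATH = "/helpdesk/WebObjects/Helpdesk.woa/wa/does-not-exist"

# Assumption: markers that identify the default WHD login page in the body.
LOGIN_MARKERS = (b"<form", b'type="password"')


def classify(status: int, headers: dict, body: bytes) -> str:
    """Map one HTTP response to 'likely-patched', 'likely-vulnerable' or 'unknown'."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Patched builds answer with no content / Content-Length: 0.
    if hdrs.get("content-length") == "0" or len(body) == 0:
        return "likely-patched"
    # Vulnerable builds fall back to the login form for unknown pages.
    if all(marker in body for marker in LOGIN_MARKERS):
        return "likely-vulnerable"
    # Anything else (custom error page, proxy response) needs a manual look.
    return "unknown"


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the probe path from base_url and classify the response."""
    req = urllib.request.Request(base_url.rstrip("/") + PROBE_PATH, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers.items()), resp.read())
    except HTTPError as err:  # 4xx/5xx bodies still carry the signal
        return classify(err.code, dict(err.headers.items()), err.read())


if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

Treat the result as a triage hint only; the authoritative check is the installed hotfix level in the WHD admin console.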
source: HelpNetSecurity