CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain unauthorized access and make modifications.

"SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data," CISA said in an advisory.

Details of the flaw were first disclosed by SolarWinds in late August 2024, with cybersecurity firm Horizon3.ai releasing additional technical specifics a month later.

The vulnerability "allows unauthenticated attackers to remotely read and modify all help desk ticket details – often containing sensitive information like passwords from reset requests and shared service account credentials," security researcher Zach Hanley said.

It's currently not clear how the shortcoming is being exploited in real-world attacks, and by whom. That said, the development comes two months after CISA added another flaw in the same software (CVE-2024-28986, CVSS score: 9.8) to the KEV catalog.

In light of active abuse, Federal Civilian Executive Branch (FCEB) agencies are required to apply the latest fixes (version 12.8.3 Hotfix 2 or later) by November 5, 2024, to secure their networks.