The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing ongoing active exploitation.
Designated as CVE-2024-28987 with a CVSS score of 9.1, this flaw involves hard-coded credentials that could be leveraged by attackers to gain unauthorized access and alter data.
In its advisory, CISA warned that “SolarWinds Web Help Desk contains a hardcoded credential vulnerability, potentially allowing remote, unauthenticated users to access internal functions and modify information.”
SolarWinds initially disclosed the flaw in late August 2024; cybersecurity firm Horizon3.ai published further technical details a month later.
Security expert Zach Hanley explained that this vulnerability “enables unauthenticated attackers to remotely view and modify help desk ticket information, which often contains sensitive details such as password reset requests and shared service account credentials.”
While the specific methods and actors behind the real-world exploitation remain unclear, this announcement follows a related vulnerability (CVE-2024-28986, CVSS score: 9.8) that was added to the KEV catalog just two months earlier.
Given the active abuse, Federal Civilian Executive Branch (FCEB) agencies have been mandated to apply the latest software patches (version 12.8.3 Hotfix 2 or newer) by November 5, 2024, to protect their networks.