Horizon3.ai Chief Attack Engineer Zach Hanley has just published “CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive.” He details “a hardcoded credentials vuln affecting SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures including user onboarding, password resets and shared resource credentials.”
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024.
The advisory states: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Zach said: “While we initially went in looking for the above vulnerability, we discovered a different vulnerability, now assigned CVE-2024-28987, which allows unauthenticated attackers to remotely read and modify all help desk ticket details – often containing sensitive information like passwords from reset requests and shared service account credentials.
“At the time of writing this, there are approximately 827 instances of SolarWinds Web Help Desk reachable on the internet. The WHD application is seemingly popular with State, Local, and Education (SLED) market segment according to a brief examination of those that expose it to the internet and our own client base.”
Horizon3.ai is publishing the deep dive today (September 25, 2024), having provided SolarWinds more than 30 days’ notice (on August 13, 2024), allowing the SolarWinds team to discover and patch the vulnerability. This is in keeping with Horizon3.ai’s practices to decrease the likelihood of exploitation and protect users.
Related
This entry was posted on September 25, 2024 at 10:19 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Horizon3.ai Publishes Deep Dive On A SolarWinds Web Help Desk Hardcoded Credential Vulnerability
Horizon3.ai Chief Attack Engineer Zach Hanley has just published “CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive.” He details “a hardcoded credentials vuln affecting SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures including user onboarding, password resets and shared resource credentials.”
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024.
The advisory states: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
Zach said: “While we initially went in looking for the above vulnerability, we discovered a different vulnerability, now assigned CVE-2024-28987, which allows unauthenticated attackers to remotely read and modify all help desk ticket details – often containing sensitive information like passwords from reset requests and shared service account credentials.
“At the time of writing this, there are approximately 827 instances of SolarWinds Web Help Desk reachable on the internet. The WHD application is seemingly popular with State, Local, and Education (SLED) market segment according to a brief examination of those that expose it to the internet and our own client base.”
Horizon3.ai is publishing the deep dive today (September 25, 2024), having provided SolarWinds more than 30 days’ notice (on August 13, 2024), allowing the SolarWinds team to discover and patch the vulnerability. This is in keeping with Horizon3.ai’s practices to decrease the likelihood of exploitation and protect users.
Share this:
Like this:
Related
This entry was posted on September 25, 2024 at 10:19 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.