SolarWinds Web Help Desk: hardcoded credential vulnerability (CVE-2024-28987)

CVE

CVE-2024-28987 is a critical hardcoded credential vulnerability in SolarWinds Web Help Desk versions up to 12.8.3 Hotfix 1. Discovered two months ago, this zero-day vulnerability could allow attackers unauthorized access to sensitive internal operations and let them manipulate data without prior authentication. The threat is especially concerning because attackers can use proof-of-concept tools to exploit it, though specific attack details remain undisclosed. All users running the affected versions should treat this vulnerability as a significant security risk.

CVE database technical details

CVE ID: CVE-2024-28987
Description: The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.
Provider: SolarWinds
CWE / problem types: CWE-798 Use of Hard-coded Credentials
Affected Software Versions: SolarWinds Web Help Desk, 12.8.3 Hotfix 1 and previous versions (status: affected)
Date Published: 2024-08-21T21:17:23.041Z
Last Updated: 2024-10-16T13:00:04.181Z