Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

August 22, 2024 at 01:54PM

SolarWinds has released patches to fix a new security flaw in its Web Help Desk software that could permit unauthorized access. Tracked as CVE-2024-28987, the vulnerability is rated 9.1 in severity. Users are advised to update to version 12.8.3 Hotfix 2 to address the issue. Further details will be disclosed next month.

Key takeaways:

– SolarWinds has released patches to address a vulnerability in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access.
– The vulnerability, tracked as CVE-2024-28987, is rated 9.1 on the CVSS scoring system, indicating critical severity.
– Users are advised to update to version 12.8.3 Hotfix 2 to mitigate the vulnerability; the hotfix requires Web Help Desk 12.8.3.1813 or 12.8.3 HF1.
– The vulnerability has been actively exploited in the wild and is of concern to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
– Additional details about the vulnerability are expected to be released next month, emphasizing the importance of timely updates to mitigate potential threats.