CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

October 16, 2024 at 01:42AM

CISA has added a critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software to its KEV catalog, noting active exploitation. This flaw allows unauthorized remote access to modify sensitive help desk ticket data. Federal agencies must apply security fixes by November 5, 2024, to protect their networks.

**Meeting Takeaways – Oct 16, 2024**
**Topic: Vulnerability/Data Protection**
**Attendee: Ravie Lakshmanan**

1. **New Vulnerability Identified**: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog.

2. **Details of the Vulnerability**:
– **CVE Identifier**: CVE-2024-28987
– **CVSS Score**: 9.1 (critical severity).
– **Nature of Flaw**: Hard-coded credentials that can be exploited for unauthorized remote access and modifications.
– **Potential Impact**: Allows unauthenticated attackers to read and modify sensitive help desk ticket details, which may include passwords and service account credentials.

3. **Background Information**:
– SolarWinds disclosed the flaw in August 2024.
– Cybersecurity firm Horizon3.ai provided further technical details in September 2024.
– This is the second critical vulnerability identified in SolarWinds WHD software, following CVE-2024-28986, which has an even higher CVSS score of 9.8.

4. **Action Required**:
– Federal Civilian Executive Branch (FCEB) agencies are mandated to implement the latest software fixes (version 12.8.3 Hotfix 2 or later) by November 5, 2024, to ensure network security in light of active exploitation.

5. **Further Research Needed**: Current exploitation methods and the parties involved remain unclear.
