October 16, 2024 at 04:03PM
A critical hardcoded-credential vulnerability in SolarWinds’ Web Help Desk (CVE-2024-28987) allows unauthenticated remote access. Although it is patched in version 12.8.3 HF2, many instances remain vulnerable. The flaw is being exploited by criminals, with a significant risk of sensitive data exposure. This is SolarWinds’ second critical bug in the product in two months.
### Meeting Takeaways
1. **Credential Vulnerability Identified**: A critical hardcoded credential bug (CVE-2024-28987) has been discovered in SolarWinds’ Web Help Desk products, allowing remote, unauthenticated attackers to access and modify sensitive internal data.
2. **Exploit Status**: The vulnerability has been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. There is currently no detailed information on the scope of the exploitation.
3. **Patch Available**: SolarWinds issued a fix for the vulnerability in August 2023. Users are strongly urged to update from version 12.8.3 HF1 to 12.8.3 HF2, as the patch needs to be manually installed.
4. **Ongoing Risks**: As of late September, around 827 instances of SolarWinds Web Help Desk were still publicly exposed, potentially at risk of exploitation. Research indicates that organizations have unintentionally exposed sensitive IT process information.
5. **Lateral Movement Risk**: While the vulnerability does not fully compromise the Web Help Desk server, there is a high risk of lateral movement through compromised credentials.
6. **Recent Activity Concerns**: This incident marks the second actively exploited bug in SolarWinds Web Help Desk within two months, following another critical vulnerability (CVE-2024-28986) that also received a high CVSS rating (9.8) and was added to CISA’s catalog.
7. **Customer Recommendations**: SolarWinds has encouraged all users to promptly apply the necessary updates and monitor for any unauthorized activity due to previous vulnerabilities.
### Action Items
- **Update Software**: Ensure SolarWinds Web Help Desk is updated to version 12.8.3 HF2 as soon as possible.
- **Monitor Exposed Instances**: Evaluate and secure any exposed instances to prevent potential exploitation.
- **Evaluate Security Protocols**: Review internal processes to address risks related to sensitive information exposure and lateral movement threats.