SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data.
Hardcoded or embedded credentials are plain text credentials embedded into the source code. They can be found in source code, CI/CD pipelines, docker images, usernames and passwords, API tokens, and encryption keys. Hardcoded credentials can be a security risk because they are easy targets for password-guessing exploits.
A quick search revealed more than 5,000 targets on Fofa at the time of writing.
Image Source: Fofa
Attackers can use hardcoded credentials to hijack firmware, devices, systems, and software and compromise similar devices or application instances.
SolarWinds Web Help Desk (WHD) is a web-based IT help desk and asset management solution that combines IT ticketing with change management software. WHD helps IT departments gain visibility and control over their IT inventory, manage asset lifecycles, and optimize procurement and budgeting forecasting.
Affected Versions
The vulnerability affects SolarWinds Web Help Desk versions before 12.8.3 Hotfix 2.
Mitigation
Customers are advised to upgrade to SolarWinds Web Help Desk 12.8.3 Hotfix 2 to patch the vulnerability.
For more information, please refer to the SolarWinds Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QIDs 152161 and 731717 to detect vulnerable assets and web applications.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
