The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
Tracked as CVE-2024-28987 and rated 9.1 on the CVSS scale, the flaw is a hard-coded credential in WHD that lets an unauthenticated remote attacker log in and read or modify internal data. SolarWinds disclosed the issue in August 2024, and cybersecurity firm Horizon3.ai later published a detailed analysis. Because the credential is built into the software rather than set by the customer, rotating administrator passwords does not address it; only the fixed release removes it. An attacker who exploits it can read and alter help desk tickets, which frequently contain passwords and shared service account credentials submitted by users.
It is not yet known who is exploiting the flaw or how it is being used in real-world attacks, but a KEV listing means CISA has evidence of exploitation, which makes patching urgent. This is the second critical SolarWinds WHD vulnerability added to the KEV catalog in two months: CVE-2024-28986, a remote code execution flaw, was added in August 2024. Federal Civilian Executive Branch agencies are required to apply the fixed release (WHD 12.8.3 Hotfix 2 or later) by November 5, 2024; other organizations running WHD, especially on internet-facing hosts, should apply the same update on the same timeline.