A bug in SolarWinds Web Help Desk is being actively exploited. SolarWinds left the software's credentials hardcoded in the source code.
CISA, the U.S. government's cybersecurity agency, warns of a bug in SolarWinds software that could have serious consequences. Vulnerability CVE-2024-28987 hands attackers the keys to Web Help Desk, SolarWinds' software for IT help desks. Once inside, they can modify internal functionality and capture sensitive data. The vulnerability is also being actively exploited.
Negligence
The vulnerability is the result of negligence at SolarWinds: the IT company left credentials for the software hardcoded in its source code. “While this vulnerability does not lead to the complete compromise of the WHD server itself, we felt the risk of lateral movement through credentials was high,” SolarWinds explains. More than 800 Web Help Desk environments are exposed to the Internet.
SolarWinds discovered the flaw in August and has since rolled out several hot patches for Web Help Desk. Needless to say, the company is urging customers to apply the patch as soon as possible. The vulnerability has been added to CISA's list of actively exploited vulnerabilities.
The patch resolves another vulnerability, CVE-2024-28986. This vulnerability arises from a deserialization error in Java code and enables remote code execution. With a CVSS score of 9.6, CVE-2024-28986 is even more critical than CVE-2024-28987, which is assigned a score of 9.1.
Déjà vu
Does the name SolarWinds mean anything to you? To refresh your memory, the company owns the infamous Orion platform that fell prey to Russian hackers in 2020. The hackers planted backdoors in the software to spy on tens of thousands of the company's customers. The breach also had repercussions in Belgium.
Whether this vulnerability will have the same scope is still unclear. In any case, CISA does not seem to want to take any chances, as SolarWinds’ software is still being used in critical sectors today. Given its recent history, not much needs to go wrong at SolarWinds to set off alarm bells.