SolarWinds Axes Hardcoded Credentials With Hotfix for Exploited Web Help Desk Flaw

SolarWinds has issued a second Web Help Desk hotfix to remove hardcoded credentials after patching a critical-severity vulnerability last week.

SolarWinds on Wednesday announced a second hotfix for an exploited Web Help Desk vulnerability, which also removes hardcoded credentials disclosed during the deployment of the first hotfix.

The enterprise software maker warns that the hardcoded credential blunder, which was assigned CVE-2024-28987, with a CVSS score of 9.1, could allow a “remote unauthenticated user to access internal functionality and modify data”.

Released for Web Help Desk 12.8.3.1813 or 12.8.3 HF1, the new hotfix not only removes the inadvertently leaked secrets, but also adds more patterns to fix an SSO issue, and resolves the critical-severity remote code execution (RCE) bug that the initial hotfix was meant to address.

“This hotfix addresses the SolarWinds Web Help Desk broken access control remote code execution vulnerability fixed in WHD 12.8.3 Hotfix 1, as well as fixing the SolarWinds Web Help Desk hardcoded credential vulnerability, and restoring the affected product functionality found in WHD 12.8.3 Hotfix 1,” the company notes in its advisory.

The initial flaw, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization RCE issue that could allow remote attackers to execute commands on the host machine.

The vulnerability is supposedly exploitable without authentication, but SolarWinds claims that it was not able to reproduce it without authentication “after thorough testing”.

Less than two days after SolarWinds announced the hotfix for CVE-2024-28986, the US cybersecurity agency CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of malicious exploitation.

While no further details were provided, CISA’s quick action suggests that the security defect might have been exploited in the wild before patches were released, as a zero-day. Satellite communications companies Inmarsat and Viasat or one of their customers might have been targeted.

Organizations are advised to apply the Web Help Desk 12.8.3 Hotfix 2 as soon as possible. SolarWinds’ advisory contains detailed instructions about the process.

*Updated title, excerpt, and first paragraph after SolarWinds pointed out that the hardcoded credentials were responsibly disclosed during the deployment of the first hotfix and not introduced by it.

Ionut Arghire is an international correspondent for SecurityWeek.