
SolarWinds Axes Hardcoded Credentials With Hotfix for Exploited Web Help Desk Flaw

SolarWinds has issued a second Web Help Desk hotfix to remove hardcoded credentials after patching a critical-severity vulnerability last week.

SolarWinds on Wednesday announced a second hotfix for an exploited Web Help Desk vulnerability, which also removes hardcoded credentials disclosed during the deployment of the first hotfix.

The enterprise software maker warns that the hardcoded credentials, tracked as CVE-2024-28987 (CVSS score of 9.1), could allow a “remote unauthenticated user to access internal functionality and modify data”.

Released for Web Help Desk 12.8.3.1813 or 12.8.3 HF1, the new hotfix removes the hardcoded credentials, adds more patterns to fix an SSO issue introduced by the first hotfix, and resolves the critical-severity remote code execution (RCE) bug that the initial hotfix was meant to address.

“This hotfix addresses the SolarWinds Web Help Desk broken access control remote code execution vulnerability fixed in WHD 12.8.3 Hotfix 1, as well as fixing the SolarWinds Web Help Desk hardcoded credential vulnerability, and restoring the affected product functionality found in WHD 12.8.3 Hotfix 1,” the company notes in its advisory.

The initial flaw, tracked as CVE-2024-28986 (CVSS score of 9.8), is described as a Java deserialization RCE issue that could allow remote attackers to execute commands on the host machine.

The vulnerability is described as exploitable without authentication, but SolarWinds says it was unable to reproduce it without authentication “after thorough testing”.
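For readers unfamiliar with the bug class, the following is an added, self-contained Java illustration of a deserialization RCE pattern and its usual mitigation; it is not SolarWinds code and says nothing about how CVE-2024-28986 is actually triggered in Web Help Desk. The Ticket and Gadget classes are constructed for the example: Gadget stands in for any class whose readObject() does something an attacker can abuse, and the hardened reader rejects it with a JDK 9+ ObjectInputFilter allow-list.

```java
import java.io.*;

public class DeserializationDemo {
    // Constructed example type representing the object the application expects.
    static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String subject;
        Ticket(String subject) { this.subject = subject; }
    }

    // Constructed stand-in for a gadget class: its readObject() runs during
    // deserialization, before the application ever inspects the result.
    static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("Gadget.readObject() ran: attacker-controlled code path");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: any Serializable class on the classpath can be instantiated
    // from untrusted bytes, so a crafted stream picks the class, not the application.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: allow-list only the expected class (and String for its field),
    // reject everything else ("!*"), and cap nesting depth to limit resource abuse.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=5;" + Ticket.class.getName() + ";java.lang.String;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] ticketBytes = serialize(new Ticket("printer down"));   // constructed input
        byte[] gadgetBytes = serialize(new Gadget());                 // constructed "attack" input

        System.out.println("unfiltered ticket: " + ((Ticket) readUnfiltered(ticketBytes)).subject);
        readUnfiltered(gadgetBytes); // Gadget.readObject() executes

        System.out.println("filtered ticket: " + ((Ticket) readFiltered(ticketBytes)).subject);
        try {
            readFiltered(gadgetBytes);
        } catch (InvalidClassException e) {
            // Filter status REJECTED: the gadget is never instantiated.
            System.out.println("filtered gadget rejected: " + e.getMessage());
        }
    }
}
```

The point of the filter is that rejection happens on the class descriptor, before any constructor or readObject() of the attacker's chosen class runs; a deny-list of known gadgets is weaker because new gadget chains keep appearing in common libraries.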

Less than two days after SolarWinds announced the hotfix for CVE-2024-28986, the US cybersecurity agency CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of malicious exploitation.

While no further details were provided, CISA’s quick action suggests that the security defect might have been exploited in the wild before patches were released, as a zero-day. Satellite communications companies Inmarsat and Viasat or one of their customers might have been targeted.


Organizations are advised to apply the Web Help Desk 12.8.3 Hotfix 2 as soon as possible. SolarWinds’ advisory contains detailed instructions about the process.

*Updated title, excerpt, and first paragraph after SolarWinds pointed out that the hardcoded credentials were responsibly disclosed during the deployment of the first hotfix and not introduced by it.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
