Cyber Resilience

CVE-2024-28987

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 21 August 2024

Modified: 27 October 2025
KEV Added: 15 October 2024
Patch
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.9429 (99.9th percentile)
Risk Priority: 95 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-28987 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability tracked as CVE-2024-28987 and CWE-798. The flaw permits remote unauthenticated users to access internal functionality and modify data, reflected in its CVSS 3.1 score of 9.1 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Unauthenticated remote attackers can leverage the embedded credentials to reach otherwise restricted internal functions and alter data within the affected WHD deployments without requiring any user interaction or prior authentication.

SolarWinds has published an advisory and released Web Help Desk version 12.8.3 Hotfix 2 to remediate the issue; the vendor advisory and CISA entry both direct administrators to apply the hotfix promptly.

The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, and its EPSS score has reached a peak of 0.9725 with a current value of 0.9429, indicating substantial and sustained exploitation interest following disclosure.

Vulnerability details

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.

CWE(s)
KEV Date Added: 15 October 2024

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1078.001 Default Accounts · Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hardcoded credentials in SolarWinds Web Help Desk allow remote unauthenticated attackers to log in using default accounts, directly facilitating T1078.001 Valid Accounts: Default Accounts.

Affected Assets

solarwinds
web help desk
12.8.3 · ≤ 12.8.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires secure authenticator management, eliminating hardcoded credentials that enable the unauthenticated access in this CVE.

prevent

Enforces access control decisions so that internal functionality cannot be reached or modified without valid authentication, blocking the hardcoded-credential bypass.

prevent

Mandates identification and authentication of users before granting access to system functions, directly countering the remote unauthenticated exploitation path.

References