CVE-2024-28987
Published: 21 August 2024
Summary
CVE-2024-28987 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in SolarWinds Web Help Desk. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).
Deeper analysis
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability tracked as CVE-2024-28987 and classified as CWE-798. The flaw permits remote unauthenticated users to access internal functionality and modify data, which is reflected in its CVSS 3.1 score of 9.1 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.
Unauthenticated remote attackers can use the embedded credentials to reach otherwise restricted internal functions and alter data within affected WHD deployments, without any user interaction or prior authentication.
SolarWinds has published an advisory and released Web Help Desk version 12.8.3 Hotfix 2 to remediate the issue; the vendor advisory and CISA entry both direct administrators to apply the hotfix promptly.
The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, and its EPSS score has reached a peak of 0.9725 with a current value of 0.9429, indicating substantial and sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26049
Vulnerability details
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated users to access internal functionality and modify data.
- CWE(s): CWE-798
- KEV Date Added: 15 October 2024
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded credentials in SolarWinds Web Help Desk allow remote unauthenticated attackers to log in using default accounts, directly facilitating T1078.001 Valid Accounts: Default Accounts.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): Directly requires secure authenticator management, eliminating hardcoded credentials that enable the unauthenticated access in this CVE.
- AC-3 (Access Enforcement): Enforces access control decisions so that internal functionality cannot be reached or modified without valid authentication, blocking the hardcoded-credential bypass.
- Mandates identification and authentication of users before granting access to system functions, directly countering the remote unauthenticated exploitation path.