SolarWinds has recently identified a critical security vulnerability in its Web Help Desk product, where hardcoded credentials were left within the software. This flaw allows remote, unauthenticated attackers to log into vulnerable instances, access internal functionalities, and potentially modify sensitive data.
The issue, tracked as CVE-2024-28987, has been given a severe CVSS rating of 9.1 out of 10. There is an urgent need to update now to protect against unauthorized remote access.
SolarWinds has released patches to address a critical security flaw in its Web Help Desk software, which could potentially allow remote, unauthenticated users to gain unauthorized access to vulnerable systems. The flaw, identified as a hardcoded credential vulnerability, enables attackers to access internal functionalities and modify data without proper authorization.
The vulnerability affects Web Help Desk version 12.8.3 HF1 and all earlier versions. SolarWinds has released an update to address this issue, with the fix available in version 12.8.3 HF2. Users are strongly encouraged to install this hotfix, which was issued on August 21, 2024. It's important to note that this patch must be manually installed to secure affected systems and prevent potential exploitation.
In response, SolarWinds has issued a new advisory urging users to apply the latest patches to protect their systems from potential exploitation. Users of the affected software versions are strongly encouraged to install the update to mitigate the risk associated with this vulnerability.
This disclosure follows closely on the heels of another critical vulnerability in the same software, which SolarWinds addressed just a week earlier. That flaw could be exploited to execute arbitrary code and has reportedly come under active exploitation in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency. While details of how CVE-2024-28986 is being abused in real-world attacks remain unclear, the urgency to patch is heightened.
Given that additional information about CVE-2024-28987 is expected to be released next month, it is crucial for users to promptly install the updates to protect their systems from potential threats and prevent exploitation.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.