The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding the active exploitation of a severe vulnerability in SolarWinds Web Help Desk (WHD) software. This vulnerability, tracked as CVE-2024-28987, carries a high-risk CVSS score of 9.1 and relates to the use of hard-coded credentials within the software. The flaw allows remote, unauthenticated attackers to gain unauthorized access to sensitive internal functions and make modifications to the help desk system. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, stressing that immediate action is necessary to mitigate the risk of further exploitation.
The vulnerability has particularly serious implications for organizations that rely on SolarWinds WHD for managing IT service requests. According to cybersecurity researcher Zach Hanley from Horizon3.ai, the flaw allows attackers to remotely access and alter all help desk ticket details, which often contain highly sensitive information such as password reset requests and shared service account credentials. This makes the vulnerability especially dangerous, as the compromised tickets can expose key internal processes and data, potentially enabling attackers to escalate their privileges within affected systems. Although details of the specific methods of exploitation remain unclear, evidence of ongoing attacks indicates that threat actors are actively targeting organizations using this software.
SolarWinds first disclosed the vulnerability in August 2024, but it quickly became a major focus for cybersecurity professionals when Horizon3.ai released additional technical details in September. These disclosures outlined how attackers could exploit the hard-coded credentials to access critical functionality without authentication. The vulnerability’s emergence follows a similar critical flaw in SolarWinds WHD, tracked as CVE-2024-28986, which was flagged by CISA two months earlier. These vulnerabilities highlight ongoing security challenges in SolarWinds’ software, raising concerns about the robustness of the company’s cybersecurity practices.
In light of the active exploitation of CVE-2024-28987, CISA has issued a directive requiring all Federal Civilian Executive Branch (FCEB) agencies to apply the latest security patches—specifically, version 12.8.3 Hotfix 2 or later—by November 5, 2024. This mandate aims to secure government networks against unauthorized access and prevent further data breaches. CISA also strongly urges other organizations using SolarWinds WHD to immediately implement these patches to safeguard their systems. As cyberattacks on service desk software continue to grow in frequency and sophistication, swift action is necessary to avoid costly and damaging incidents of data exposure or manipulation. Organizations are advised to remain vigilant, regularly monitor security advisories, and ensure that they have strong defense mechanisms in place to protect their critical infrastructure from exploitation.
