CVE-2024-28987: Critical threat in SolarWinds WHD requires urgent action

The new flaw was discovered just a week after the previous vulnerability in the same product.

SolarWinds has released updates to address a critical vulnerability in its Web Help Desk (WHD) software. The issue, tracked as CVE-2024-28987 and rated 9.1 on the CVSS scale, could allow remote unauthenticated users to gain unauthorized access to vulnerable instances of the system.

Horizon3 security researcher Zach Hanley is credited with discovering and reporting the issue. The vulnerability is reportedly related to the presence of built-in hard-coded credentials.

To protect against the vulnerability, users are advised to update to version 12.8.3 Hotfix 2. However, for this update to be successful, you must first install Web Help Desk version 12.8.3.1813 or 12.8.3 HF1.

This incident comes just a week after SolarWinds released an update to address another critical vulnerability in the same software that could be used to execute arbitrary code (CVE-2024-28986, CVSS score: 9.8).

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this vulnerability is already being actively exploited in real-world attacks, although the details of its exploitation remain unknown.

In the meantime, more information about CVE-2024-28987 is expected next month. It's critical to install security updates as soon as possible to minimize potential risks.
