PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
A critical vulnerability in SolarWinds Web Help Desk (WHD), identified as CVE-2024-28987, has been disclosed along with proof-of-concept (PoC) exploit code. Because of hardcoded developer login credentials, the vulnerability allows unauthenticated attackers to remotely access and manipulate help desk ticket details. Discovery and reporting of the flaw were credited to Zach Hanley of Horizon3.ai, who emphasized the risk of lateral movement through credentials obtained this way, even though the server itself is not fully compromised. The PoC code, which extracts recent ticket details from vulnerable servers, is available on GitHub. Although a hotfix was released a month prior to the disclosure, around 827 instances of SolarWinds WHD were found exposed online, with some still vulnerable to this exploit. The vulnerability is particularly concerning for the State, Local, and Education (SLED) sectors, which frequently use WHD. Administrators should update their systems urgently to prevent exploitation, especially since another recent SolarWinds WHD vulnerability (CVE-2024-28986) is already being actively exploited.

CVEs: CVE-2024-28986, CVE-2024-28987

[View Article](https://www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/)