Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

Aug 22, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances.

“The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify data,” the company said in a new advisory released today.

The issue, tracked as CVE-2024-28987, is rated 9.1 on the CVSS scoring system, indicating critical severity. Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting the flaw.

Users are recommended to update to version 12.8.3 Hotfix 2, but applying the fix requires Web Help Desk 12.8.3.1813 or 12.8.3 HF1.

The disclosure comes a week after SolarWinds moved to resolve another critical vulnerability in the same software that could be exploited to execute arbitrary code (CVE-2024-28986, CVSS score: 9.8).

That flaw has since come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), although how it's being abused in real-world attacks remains unknown as yet.

Additional details about CVE-2024-28987 are expected to be released next month, making it essential that the updates are installed in a timely manner to mitigate potential threats.
