A critical vulnerability in a SolarWinds product is being exploited in the wild, and now US government agencies have a deadline to patch it or lose it.
The American Cybersecurity and Infrastructure Security Agency (CISA) added this CVE-2024-28987 added to the Known Exploited Vulnerabilities (KEV) catalog. When a vulnerability is added to this list, it means there is evidence of exploitation in the wild.
This flaw is in Web Help Desk, a web-based IT service management software that streamlines and automates help desk ticketing, asset management, and IT service management processes. Considered one of SolarWinds’ most popular products, it offers things like ticketing, incident and problem management, and a self-service portal. IT support teams around the world use this product every day.
Patching deadline
The bug is the result of a simple mistake by the SolarWinds team: the administrator credentials were left hardcoded in the Web Help Desk. This means that miscreants can easily gain access to their targets’ endpoints by logging in as an administrator. This bug has a severity rating of 9.1/10 and is considered critical. It affects Web Help Desk 12.8.3 HF1 and all previous versions.
The first clean version is 12.8.3 HF2.
Because the patch is available, federal agencies have a three-week deadline (by November 5) to apply it. It must be applied manually as there is no automatic solution. Alternatively, they can stop using the tool altogether.
Hardcoded references are common. For example, last October, Cisco Emergency Responder (CER), the company’s emergency communications system used to respond to crises in a timely manner, was discovered to have hard-coded login credentials. In March 2024, researchers discovered that millions of GitHub projects had the same problem.
CISA has not detailed who the crooks are, who they are targeting with this vulnerability, or how it is being exploited in the real world.
Via The hacker news