CISA catalog now includes SolarWinds Help Desk software vulnerability


CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerabilities are:

  1. Microsoft Windows Kernel TOCTOU Race Condition Vulnerability (CVE-2024-30088)
  2. Mozilla Firefox Use-After-Free Vulnerability (CVE-2024-9680)
  3. SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

These vulnerabilities are frequent attack vectors for malicious actors and pose a significant threat to the federal enterprise. Jason Soroko, Senior Fellow at Sectigo, warns about the dangers of not patching vulnerabilities promptly, stating that cybercriminals do not differentiate between federal and private targets when exploiting a vulnerability.
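A KEV listing is only useful if it is checked against what an organisation actually runs. The script below is an added example, not code from the article or from CISA: it reads entries in the field layout of the public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, requiredAction), matches them against a constructed asset inventory, and reports which hosts still carry an unremediated catalog entry and how many days remain before the remediation due date. The three CVE IDs, vendors and products come from the article; every date and the requiredAction text are constructed placeholders, not the catalog's real values, and the inventory, host names and function names are invented for the example.

```python
"""Cross-check a software inventory against CISA KEV catalog entries.

Added example, not code from the article or from CISA. The entries below use
the field names of the public KEV JSON feed; CVE IDs, vendors and products
come from the article, while every date and the requiredAction text are
constructed placeholders, not the catalog's real values.
"""
import json
from datetime import date, datetime

# Constructed KEV-style sample (dates and requiredAction text are placeholders).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Kernel TOCTOU Race Condition Vulnerability",
     "dateAdded": "2024-01-01", "dueDate": "2024-01-22",
     "requiredAction": "Apply vendor updates (placeholder text)."},
    {"cveID": "CVE-2024-9680", "vendorProject": "Mozilla", "product": "Firefox",
     "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability",
     "dateAdded": "2024-01-15", "dueDate": "2024-02-05",
     "requiredAction": "Apply vendor updates (placeholder text)."},
    {"cveID": "CVE-2024-28987", "vendorProject": "SolarWinds", "product": "Web Help Desk",
     "vulnerabilityName": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability",
     "dateAdded": "2024-01-15", "dueDate": "2024-02-05",
     "requiredAction": "Apply vendor updates (placeholder text)."},
]})

# Constructed asset inventory: what is deployed, and which CVEs a scanner or
# patch record already shows as remediated on that host.
INVENTORY = [
    {"host": "helpdesk-01", "vendor": "SolarWinds", "product": "Web Help Desk", "remediated": set()},
    {"host": "ws-042", "vendor": "Mozilla", "product": "Firefox", "remediated": {"CVE-2024-9680"}},
    {"host": "dc-01", "vendor": "microsoft", "product": "windows", "remediated": set()},
    {"host": "db-01", "vendor": "PostgreSQL", "product": "PostgreSQL", "remediated": set()},
]


def parse_kev(text):
    """Return the list of vulnerability entries from a KEV-format JSON document."""
    return json.loads(text)["vulnerabilities"]


def index_by_product(entries):
    """Group KEV entries by normalised (vendor, product) so lookups ignore case and whitespace."""
    index = {}
    for entry in entries:
        key = (entry["vendorProject"].strip().lower(), entry["product"].strip().lower())
        index.setdefault(key, []).append(entry)
    return index


def triage(entries, inventory, today):
    """List every (host, CVE) pair that is in KEV, deployed, and not yet remediated.

    Results are sorted so overdue items (negative days_left) come first.
    """
    index = index_by_product(entries)
    findings = []
    for asset in inventory:
        key = (asset["vendor"].strip().lower(), asset["product"].strip().lower())
        for entry in index.get(key, []):
            if entry["cveID"] in asset["remediated"]:
                continue
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
            days_left = (due - today).days
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "due_date": due.isoformat(),
                "days_left": days_left,
                "overdue": days_left < 0,
                "required_action": entry["requiredAction"],
            })
    return sorted(findings, key=lambda f: f["days_left"])


def run_example(today=date(2024, 1, 25)):
    """Triage the constructed inventory against the constructed KEV sample (fixed 'today' for repeatability)."""
    return triage(parse_kev(KEV_SAMPLE), INVENTORY, today)


if __name__ == "__main__":
    for f in run_example():
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:12} {f['cveID']:15} due {f['due_date']} ({flag})")
```

With the constructed data, the Firefox host drops out because its scanner record already shows CVE-2024-9680 remediated, the PostgreSQL host matches nothing, and the two remaining findings are ordered with the overdue Windows host first. In practice the inventory would come from a CMDB or vulnerability scanner export and the KEV entries from the live feed; matching on vendor and product is deliberately coarse, so a real deployment would also compare the affected version ranges the catalog entry links to.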

What is the SolarWinds Web Help Desk Hardcoded Credential Vulnerability?

The SolarWinds Web Help Desk Hardcoded Credential Vulnerability allows a remote, unauthenticated user to reach internal functionality and modify data.

Jason Soroko explains, “Hardcoded credentials, like those in CVE-2024-28986, can enable attackers to bypass authentication mechanisms and take control of critical systems without detection. Detecting or modifying hardcoded credentials can be challenging for users, making them a dangerous vulnerability. Once attackers exploit these credentials, they can further compromise a system. This vulnerability is simple to exploit, presenting a high threat level that requires immediate patching.”
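The weakness class Soroko describes, shown as an added illustration that is not SolarWinds code and says nothing about how Web Help Desk is actually implemented: a small authentication routine with a credential baked into the source, the same routine rewritten so that no account exists until an operator provisions one, and a simple source scan of the kind a code reviewer or CI job can run to catch credential-looking literals. All names here (BUILT_IN_ACCOUNT, vulnerable_authenticate, provision_user, hardened_authenticate, find_hardcoded_credentials, SAMPLE_SOURCE) and the sample strings are invented for the example.

```python
"""Hardcoded credential anti-pattern beside a hardened form, plus a source scan.

Added example, not SolarWinds code and not a description of Web Help Desk.
Every name and sample value below is constructed for illustration.
"""
import hashlib
import hmac
import os
import re

# --- Vulnerable pattern: a credential baked into the code base -------------
# A fallback account like this ships identically to every installation, cannot
# be rotated by the operator, and is accepted regardless of configuration.
BUILT_IN_ACCOUNT = ("support", "changeme")  # constructed example, not a real credential


def vulnerable_authenticate(username, password, configured_users):
    """Accept a configured user OR the built-in account; the built-in one always works."""
    if configured_users.get(username) == password:   # plaintext comparison is a second flaw
        return True
    return (username, password) == BUILT_IN_ACCOUNT


# --- Hardened pattern: credentials provisioned at deploy time, stored hashed --
_PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = os.urandom(16)  # used so unknown usernames cost the same as known ones


def provision_user(store, username, password):
    """Store a salted PBKDF2 hash; no account exists until an operator creates it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
    store[username] = (salt, digest)


def hardened_authenticate(username, password, store):
    """Verify against the provisioned store only; there is no default account."""
    salt, expected = store.get(username, (_DUMMY_SALT, b""))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
    # compare_digest keeps the comparison constant-time, and the hash above is
    # computed even for unknown users so timing does not reveal which names exist.
    return bool(expected) and hmac.compare_digest(candidate, expected)


# --- Detection aid: flag credential-looking string literals in source --------
_CRED_PATTERN = re.compile(
    r'(?i)(password|passwd|pwd|secret|api_key|token)\s*[:=]\s*["\'][^"\']{4,}["\']'
)


def find_hardcoded_credentials(source_text):
    """Return (line_number, line) for lines assigning a string literal to a credential-like name."""
    return [(n, line.strip()) for n, line in enumerate(source_text.splitlines(), 1)
            if _CRED_PATTERN.search(line)]


# Constructed source snippet for the scanner; line 3 reads from the environment
# and is correctly left alone, lines 2 and 4 carry literals and are flagged.
SAMPLE_SOURCE = '''\
db_host = "helpdesk-db"
DEFAULT_PASSWORD = "changeme"
api_key = os.environ["API_KEY"]
token = 'abcdef123456'
'''


if __name__ == "__main__":
    print("built-in account accepted with empty config:",
          vulnerable_authenticate("support", "changeme", {}))
    users = {}
    provision_user(users, "alice", "correct horse battery")
    print("hardened rejects built-in account:",
          not hardened_authenticate("support", "changeme", users))
    for lineno, text in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {lineno}: {text}")
```

The hardened version removes the property that makes the vulnerable one dangerous: there is no credential in the artifact to find, so patching the code is not needed to revoke access, an operator can rotate the account, and a leaked copy of the source reveals nothing. The regex scan is intentionally crude and will produce false positives; it is a cheap first pass for reviews and CI, not a substitute for a secrets scanner.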

Why should corporations care about these vulnerabilities?

While the warning from CISA is directed at government entities, private companies should also take steps to protect against these vulnerabilities. Omri Weinberg, Co-Founder and CRO at DoControl, emphasizes the importance of addressing these security risks.

Weinberg explains, “The SolarWinds Web Help Desk vulnerability exposes companies to serious security risks. This flaw allows attackers to exploit hardcoded credentials, providing easy access. CISA has confirmed active exploitation of this vulnerability.

“Help desk systems contain sensitive information, such as passwords and system details. Compromising this data gives attackers full access to an organization’s IT environment.

“The ease of exploitation is concerning. Attackers can remotely access systems without authentication, posing a significant threat.

“Once breached, attackers can manipulate data, leading to service disruptions, false information, and a loss of trust in the support infrastructure.

“Corporate security teams must patch this vulnerability immediately. This incident should prompt a review of all SaaS applications, especially those handling sensitive data. In today’s environment, security is only as strong as the weakest application.”
