SolarWinds, a popular IT help desk solution provider, has issued a new patch to address a critical vulnerability in its Web Help Desk software. This comes just a week after the company released a fix for another serious flaw in the same product.
The latest vulnerability, identified as CVE-2024-28987, is a result of hardcoded credentials within Web Help Desk. These credentials could potentially be exploited by remote unauthenticated users to gain access to internal functions and manipulate data. The discovery of this vulnerability was credited to Zach Hanley, a researcher from Horizon3.ai, who came across it while investigating a previously patched flaw, CVE-2024-28986, which is currently being actively exploited by cyber attackers, as noted by the US Cybersecurity and Infrastructure Security Agency.
In response to this new security concern, SolarWinds has rolled out Web Help Desk 12.8.3 Hotfix 2, which not only addresses CVE-2024-28987 but also includes fixes from the previous patch for CVE-2024-28986. Additionally, the update introduces enhancements to address a single sign-on (SSO) issue and resolves a bug that affected certain buttons within the client application.
Administrators are strongly advised to apply the latest hotfix promptly. Detailed instructions on how to implement the patch, including necessary manual adjustments, can be found in the accompanying knowledge base article on SolarWinds’ support website.
The significance of addressing these vulnerabilities promptly was stressed by Hanley, who highlighted that unpatched instances of Web Help Desk may inadvertently expose sensitive information to malicious actors. He explained that while vulnerable instances redirect requests to a default login page, patched instances would return no content, signaling an added layer of security.
Given the evolving cybersecurity landscape and the prevalence of threats targeting software vulnerabilities, it is crucial for organizations to stay vigilant and prioritize the timely installation of security patches. By promptly applying updates and following recommended best practices, businesses can mitigate the risk of security breaches and protect their sensitive data from exploitation.
As SolarWinds continues to proactively address security issues within its products, users are encouraged to remain proactive in monitoring for updates and adhering to recommended security protocols. Through collaboration between software vendors and end-users, the collective effort to enhance cybersecurity defenses can help safeguard against potential threats and ensure the integrity of IT systems.