

Ethical Hacking News

The SolarWinds Web Help Desk Flaw: A Critical Vulnerability Exploited by Hackers



A critical hardcoded credentials flaw has been found in SolarWinds Web Help Desk, a widely used IT help desk suite employed by 300,000 customers worldwide. The vulnerability allows remote unauthenticated attackers to access or modify data on WHD endpoints without any restriction. Federal agencies and organizations are advised to update to a safe version or stop using the product by November 5, 2024.

  • SolarWinds Web Help Desk, used by 300,000 customers worldwide, has a hardcoded credentials flaw (CVE-2024-28987) that allows remote attackers to access or modify data without restriction.
  • The vulnerability is currently being leveraged by hackers, prompting the US government agency CISA to issue an alert and advise federal agencies and organizations to stop using the product by November 5, 2024.
  • A second vulnerability (CVE-2024-30088) related to Windows has been discovered and actively exploited by OilRig (APT34), who elevated privileges to SYSTEM level on compromised devices.
  • A zero-day vulnerability (CVE-2024-9680) in Mozilla Firefox was discovered and fixed quickly; the malicious activity exploiting it appears to originate from Russia and was likely used for espionage operations.



    SolarWinds Web Help Desk, a widely used IT help desk suite employed by 300,000 customers worldwide, including government agencies, large corporations, and healthcare organizations, has been found to be vulnerable to a critical hardcoded credentials flaw. The vulnerability, tracked as CVE-2024-28987, was discovered by Horizon3.ai researcher Zach Hanley in late August 2024, just four days after SolarWinds issued a hotfix for the issue.

    This critical vulnerability allows remote unauthenticated attackers to access or modify data on WHD endpoints without any restriction, using hardcoded credentials of "helpdeskIntegrationUser" and "dev-C4F8025E7". The exploitability of this flaw has already been demonstrated in attacks in the wild.
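
An added detection example, not from the original article or from SolarWinds: a Python scan of web or proxy log lines for use of the hardcoded account name, either in plaintext or inside an HTTP Basic authentication token. The log layout, paths and IP addresses are constructed, and it is an assumption that your logging captures the Authorization header at all.

```python
import base64
import binascii
import re
from collections import defaultdict

# Hardcoded account name given in the article for CVE-2024-28987.
HARDCODED_USER = "helpdeskIntegrationUser"

# Assumed log layout (constructed for this example): client IP first, then
# request details; the proxy is assumed to log the Authorization header.
BASIC_RE = re.compile(r"Basic\s+([A-Za-z0-9+/]+={0,2})")
IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s")

def basic_auth_user(token):
    """Return the username inside a Basic auth token, or None if undecodable."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")
    return user if sep else None

def find_hardcoded_account_use(lines):
    """Map source IP -> line numbers where the hardcoded account appears."""
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, start=1):
        users = {basic_auth_user(t) for t in BASIC_RE.findall(line)}
        if HARDCODED_USER in users or HARDCODED_USER in line:
            ip = IP_RE.match(line)
            hits[ip.group(1) if ip else "unknown"].append(lineno)
    return dict(hits)

def _basic(user, password):
    """Build a Basic token for the constructed sample lines below."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    f'192.0.2.10 "GET /placeholder" 200 auth="Basic {_basic("alice", "x")}"',
    f'203.0.113.7 "GET /placeholder" 200 auth="Basic {_basic(HARDCODED_USER, "example")}"',
    '198.51.100.4 "POST /placeholder" 401 user=helpdeskIntegrationUser',
    '203.0.113.7 "GET /placeholder" 200 auth="Basic !!notbase64"',
    f'203.0.113.7 "PUT /placeholder" 200 auth="Basic {_basic(HARDCODED_USER, "example")}"',
]

if __name__ == "__main__":
    for ip, linenos in find_hardcoded_account_use(SAMPLE_LOG).items():
        print(f"{ip}: hardcoded account seen on lines {linenos}")
```

Matching on the account name alone means any hit on a WHD endpoint is worth reviewing, whether or not the instance has since been updated.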

    According to CISA (Cybersecurity and Infrastructure Security Agency), the SolarWinds Web Help Desk flaw is currently being leveraged by hackers, prompting the U.S. government agency to issue an alert for the vulnerability. Federal agencies and organizations are advised to update to a safe version or stop using the product by November 5, 2024.

    In addition to this critical hardcoded credentials flaw in SolarWinds Web Help Desk, CISA has also added two other vulnerabilities to its 'Known Exploited Vulnerabilities' (KEV) catalog. The first one is related to Windows: a Kernel TOCTOU race condition tracked as CVE-2024-30088, which Trend Micro found to be actively exploited.

    Trend Micro attributed the malicious activity to OilRig (APT34), who leveraged the flaw to elevate their privileges to the SYSTEM level on compromised devices. Microsoft addressed this vulnerability in its June 2024 Patch Tuesday release, but it is unclear when active exploitation started.

    The second vulnerability is related to Mozilla Firefox, with a zero-day tracked as CVE-2024-9680. The Mozilla Firefox CVE-2024-9680 flaw was discovered by ESET researcher Damien Schaeffer on October 8, 2024, and fixed by Mozilla just 25 hours later. Although ESET is still analyzing the attack they observed, a spokesperson told BleepingComputer that the malicious activity appears to originate from Russia and was likely used for espionage operations.

    The SolarWinds Web Help Desk flaw has already gained attention due to its widespread impact on various organizations across different sectors. Given the active exploitation status of CVE-2024-28987, it is recommended that system administrators take appropriate measures to secure WHD endpoints ahead of the set deadline and patch these flaws by November 5.

    In conclusion, this recent vulnerability in SolarWinds Web Help Desk highlights the urgent need for organizations to prioritize cybersecurity. Given the critical nature of the flaw and its active exploitation status, taking swift action is crucial to protect against potential attacks and data breaches.

    Related Information:

  • https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-28987

  • https://www.cvedetails.com/cve/CVE-2024-28987/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-30088

  • https://www.cvedetails.com/cve/CVE-2024-30088/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9680

  • https://www.cvedetails.com/cve/CVE-2024-9680/


  • Published: Wed Oct 16 23:46:50 2024 by llama3.2 3B Q4_K_M













         

