Due to evidence of active exploitation, CISA added three vulnerabilities to its Known Exploited Vulnerabilities Catalogue. These vulnerabilities are:
- Microsoft Windows Kernel TOCTOU Race Condition Vulnerability (CVE-2024-30088)
- Mozilla Firefox Use-After-Free Vulnerability (CVE-2024-9680)
- SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)
These are frequent attack vectors for malicious actors and are a particular threat to the federal enterprise. Jason Soroko, Senior Fellow at Sectigo, comments, “Failing to patch promptly exposes corporations to the same threats that target governments, as cybercriminals often do not differentiate between federal and private targets when exploiting a vulnerability.”
What is the SolarWinds Web Help Desk Hardcoded Credential Vulnerability?
The SolarWinds Web Help Desk Hardcoded Credential Vulnerability could permit an unauthenticated users to remotely access internal functionality and alter information.
“Vulnerabilities involving hardcoded credentials, as seen in CVE-2024-28986, can allow attackers to bypass authentication mechanisms, gaining control over critical systems without detection,” Soroko explains. “Hardcoded credentials are especially dangerous because they are often difficult for users to detect or modify. Once discovered by an attacker, these credentials can open the door for further exploitation of a system. Since this vulnerability is relatively simple to exploit, the threat level is high, and patching it should be prioritized.”
Why should corporations care about these vulnerabilities?
Although the CISA aims this warning at government bodies, private entities are also encouraged to take the appropriate steps to secure against these vulnerabilities. Omri Weinberg, Co-Founder and CRO at DoControl explains why companies should take precautions.
Weinberg stattes, “This SolarWinds Web Help Desk vulnerability is a perfect storm of security risks. We’re talking about hardcoded credentials, a critical flaw that essentially leaves the door wide open for attackers. And it’s not just theoretical; CISA has confirmed it’s being actively exploited in the wild.
“While CISA’s directive is aimed at federal agencies, corporate security teams need to treat this with the same urgency. Here’s why:
“First, help desk systems are treasure troves of sensitive information. Think about it: password reset requests, service account credentials, detailed system information. If compromised, it’s like handing over the keys to your entire IT kingdom.
“Second, the ease of exploitation is alarming. This isn’t some complex, multi-step attack. We’re talking about unauthenticated, remote access. It’s practically a walk in the park for skilled attackers.
“Lastly, once breached, this vulnerability allows attackers to modify data. This isn’t just about data theft, it's about potential service disruptions, falsified tickets, and a complete erosion of trust in your support infrastructure.
“Corporate security teams should patch this immediately, full stop. But more than that, this should serve as a wake-up call to audit all your SaaS applications, especially those handling sensitive data. In today’s landscape, you’re only as secure as your most vulnerable application.”
