{"id":1175,"date":"2024-09-30T09:00:00","date_gmt":"2024-09-30T16:00:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1175"},"modified":"2024-09-30T07:34:27","modified_gmt":"2024-09-30T14:34:27","slug":"emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/","title":{"rendered":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987"},"content":{"rendered":"\n

What is CVE-2024-28987? <\/h2>\n\n\n\n

CVE-2024-28987<\/a> is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints<\/a>.   <\/p>\n\n\n\n

What assets are affected by this vulnerability? <\/h2>\n\n\n\n

Web Help Desk is SolarWinds IT ticketing and asset management software. CVE-2024-28987 affects WHD version 12.8.3 HF1, as well as all previous versions. <\/p>\n\n\n\n

Is a fix available? <\/h2>\n\n\n\n

This critical vulnerability was patched by SolarWinds<\/a> in August 2024. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2.  <\/p>\n\n\n\n

Are there any indicators of compromise? <\/h2>\n\n\n\n

Indicators of compromise (IOCs) can be found in the Web Help Desk log, which records limited details about requests to C:\\Program Files\\WebHelpDesk\\Logs\\whd_access_log.<YYYY-MM-DD>.log. If unrecognized IP addresses appear enumerating the OrionTicket endpoints, it may indicate exploitation of the CVE-2024-28987.<\/p>\n\n\n\n

Is CVE-2024-28987 being actively exploited? <\/h2>\n\n\n\n

Initially, although this vulnerability was reported and listed with CISA\u2019s Known Exploited Vulnerability<\/a> (KEV) catalog as an unauthenticated vulnerability, researchers were not able to replicate the vulnerability without authentication.<\/p>\n\n\n\n

On September 25th, Horizon3.ai analyst Zach Hanley<\/a> published a proof of concept (POC) showing unauthenticated exploitation of this vulnerability. While no attackers have been observed in the wild leveraging this issue, another recently patched SolarWinds WHD flaw, CVE-2024-28986<\/a>, is being actively exploited.   <\/p>\n\n\n\n

How is CyCognito helping customers identify assets vulnerable to CVE-2024-28987? <\/h2>\n\n\n\n

CyCognito customers will see results from active and passive tests for this vulnerability in their next data update. All customers have access to an in-platform emerging security issue announcement as of September 29th, 2024. As of this publication, no vulnerable assets have been detected.\u00a0 \u00a0\u00a0<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Figure 1: The alert sent by CyCognito for CVE-2024-28987<\/p>\n\n\n\n

How can CyCognito help your organization? <\/h2>\n\n\n\n

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour<\/a>. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page<\/a> to schedule a demo.<\/p>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in SolarWinds Web Help Desk (WHD) software. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2. CyCognito discovery and testing engines actively detect CVE-2024-28987 and customers have access to an in-platform emerging security issue announcement as of September 29th, 2024. <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[58,109,189,190,57],"class_list":["post-1175","post","type-post","status-publish","format-standard","hentry","category-research","tag-cve","tag-solarwinds","tag-solarwinds-web-help-desk","tag-unauthenticated-access","tag-vulnerability"],"yoast_head":"\nEmerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987 | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987\" \/>\n<meta property=\"og:description\" content=\"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-30T16:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-10-02-2400x1256-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Emma Zaballos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Emma Zaballos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\"},\"author\":{\"name\":\"Emma Zaballos\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\"},\"headline\":\"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987\",\"datePublished\":\"2024-09-30T16:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\"},\"wordCount\":433,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1-1280x744.webp\",\"keywords\":[\"CVE\",\"SolarWinds\",\"SolarWinds Web Help Desk\",\"Unauthenticated Access\",\"Vulnerability\"],\"articleSection\":[\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\",\"name\":\"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987 | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1-1280x744.webp\",\"datePublished\":\"2024-09-30T16:00:00+00:00\",\"description\":\"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1.webp\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1.webp\",\"width\":1944,\"height\":1130},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58\",\"name\":\"Emma Zaballos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g\",\"caption\":\"Emma Zaballos\"},\"description\":\"Product Marketing Manager\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987 | CyCognito Blog","description":"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/","og_locale":"en_US","og_type":"article","og_title":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987","og_description":"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.","og_url":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/","og_site_name":"CyCognito Blog","article_published_time":"2024-09-30T16:00:00+00:00","og_image":[{"width":2400,"height":1256,"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/banner-blog-2024-10-02-2400x1256-email.png","type":"image\/png"}],"author":"Emma Zaballos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Emma Zaballos","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/"},"author":{"name":"Emma Zaballos","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58"},"headline":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987","datePublished":"2024-09-30T16:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/"},"wordCount":433,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1-1280x744.webp","keywords":["CVE","SolarWinds","SolarWinds Web Help Desk","Unauthenticated Access","Vulnerability"],"articleSection":["Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/","url":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/","name":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987 | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1-1280x744.webp","datePublished":"2024-09-30T16:00:00+00:00","description":"CVE-2024-28987 is a critical vulnerability in SolarWinds Web Help Desk (WHD) software actively detected by CyCognito.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1.webp","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CVE-2024-28987-Figure-1.webp","width":1944,"height":1130},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/emerging-security-issue-solarwinds-web-help-desk-cve-2024-28987\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/42c314196e7f096a74bd885693643d58","name":"Emma Zaballos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ff812a5ab34a955a1e815e6719c68a7?s=96&d=mm&r=g","caption":"Emma Zaballos"},"description":"Product Marketing Manager","url":"https:\/\/www.cycognito.com\/blog\/author\/emma-zaballos\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1175"}],"version-history":[{"count":4,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1175\/revisions"}],"predecessor-version":[{"id":1183,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1175\/revisions\/1183"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}