Demo of the CyCognito PlatformSee the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. More...
State of External Exposure Management, Summer 2024 EditionDownload the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. More...
The Total Economic Impact™ of The CyCognito PlatformRead The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints.
Web Help Desk is SolarWinds IT ticketing and asset management software. CVE-2024-28987 affects WHD version 12.8.3 HF1, as well as all previous versions.
This critical vulnerability was patched by SolarWinds in August 2024. Organizations can patch this vulnerability by upgrading to version 12.8.3 HF2.
Indicators of compromise (IOCs) can be found in the Web Help Desk log, which records limited details about requests to C:\Program Files\WebHelpDesk\Logs\whd_access_log.<YYYY-MM-DD>.log. If unrecognized IP addresses appear enumerating the OrionTicket endpoints, it may indicate exploitation of the CVE-2024-28987.
Initially, although this vulnerability was reported and listed with CISA’s Known Exploited Vulnerability (KEV) catalog as an unauthenticated vulnerability, researchers were not able to replicate the vulnerability without authentication.
On September 25th, Horizon3.ai analyst Zach Hanley published a proof of concept (POC) showing unauthenticated exploitation of this vulnerability. While no attackers have been observed in the wild leveraging this issue, another recently patched SolarWinds WHD flaw, CVE-2024-28986, is being actively exploited.
CyCognito customers will see results from active and passive tests for this vulnerability in their next data update. All customers have access to an in-platform emerging security issue announcement as of September 29th, 2024. As of this publication, no vulnerable assets have been detected.
Figure 1: The alert sent by CyCognito for CVE-2024-28987
CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.
Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.
CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.
Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.
For more information, follow us on Twitter @cycognito.
Privacy Policy Terms of Service Sitemap