The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an alert regarding an ongoing exploitation of a critical security flaw in SolarWinds Web Help Desk (WHD) software, known as CVE-2024-28987, which involves hardcoded credentials allowing unauthorized access and modifications
Despite the specific details being disclosed by SolarWinds months ago, the issue poses a threat by enabling remote attackers to read and manipulate help desk ticket information containing sensitive data. CISA's directive to Federal Civilian Executive Branch agencies to install the latest patches by November 5, 2024, underscores the urgency in securing networks. Meanwhile, the actual exploitation methods and actors behind the attacks remain unclear amidst concerns following a previously reported vulnerability in the same software. ```https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html