ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987)

SID: 2056167Rev: 1216 viewsHistory

Sourceet/open

CreatedSeptember 25, 2024

UpdatedSeptember 25, 2024

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987)"; flow:established,to_server; http.uri; content:"/helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/"; fast_pattern; http.header; content:"Authorization|3a 20|Basic|20|aGVscGRlc2tJbnRlZ3JhdGlvblVzZXI6ZGV2LUM0RjgwMjVFNw=="; reference:url,www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/; reference:cve,2024-28987; classtype:attempted-admin; sid:2056167; rev:1; metadata:affected_product SolarWinds, attack_target Server, tls_state TLSDecrypt, created_at 2024_09_25, cve CVE_2024_28987, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_09_25; target:dest_ip;)

References

url	www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
cve	2024-28987

Metadata

affected productSolarWinds

attack targetServer

tls stateTLSDecrypt

created at2024_09_25

cveCVE-2024-28987

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2024_09_25

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!