SolarWinds Web Help Desk Vulnerability Scanner and Exploiter - 20250108002¶

Overview¶

Since publishing Advisory 20241001001, the WA SOC has been notified of a new Python-based exploit and scanner for SolarWinds Web Help Desk. This tool tests if the target is vulnerable to CVE-2024-28987 by attempting to access the /OrionTickets endpoint, and if so, to then retrieve and save all helpdesk tickets from the vulnerable endpoint.

What is vulnerable?¶

Product(s) Affected	Version(s)	CVE	CVSS	Severity
SolarWinds Web Help Desk	Version WHD 12.8.3 HF1 and earlier	CVE-2024-28987	9.1	Critical

What has been observed?¶

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation¶

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

SolarWinds: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987

Additional References¶

Dark Web Informer: https://darkwebinformer.com/cve-2024-28987-scanner-exploiter-solarwinds-web-help-desk/