CVE-2024-28989

5.5 MEDIUM

📋 TL;DR

SolarWinds Web Help Desk contains a hardcoded cryptographic key that could allow attackers to decrypt sensitive information stored or transmitted by the software. This affects all organizations running vulnerable versions of SolarWinds Web Help Desk. The vulnerability could expose credentials, configuration data, or other protected information.

💻 Affected Systems

Products:
  • SolarWinds Web Help Desk
Versions: prior to 12.8.5
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all encrypted data within Web Help Desk, including administrator credentials, user passwords, API keys, and sensitive configuration information, leading to full system takeover.

🟠 Likely Case

Exfiltration of sensitive configuration data and potentially some user credentials, enabling further attacks within the environment.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent attackers from reaching the vulnerable component or accessing decrypted data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the encrypted data and knowledge of the hardcoded key; the key is embedded in the software itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.8.5

Vendor Advisory: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28989

Restart Required: Yes

Instructions:

1. Download Web Help Desk 12.8.5 from the SolarWinds customer portal.
2. Back up the current installation and database.
3. Run the installer to upgrade to version 12.8.5.
4. Restart the Web Help Desk service.

🔧 Temporary Workarounds

Network Isolation

Restrict network access to Web Help Desk to only trusted internal networks

Credential Rotation

Rotate all passwords and API keys stored in Web Help Desk

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the Web Help Desk interface
  • Monitor for unusual access patterns or data export activities from the Web Help Desk system

🔍 How to Verify

Check if Vulnerable:

Check Web Help Desk version in administration interface or via Help > About in the application

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Web Help Desk\Version or view Help > About in application

Verify Fix Applied:

Confirm version is 12.8.5 or later in administration interface
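Across more than one server, the same version check can be run over an inventory export. The script below is an added example, not SolarWinds tooling: the host names, the `host,version,exposure` line format and the version strings (including the hotfix and build suffixes) are constructed assumptions, while the 12.8.5 threshold and the HIGH/MEDIUM ratings come from this page.

```python
import re

FIXED = (12, 8, 5)  # first fixed release according to this page

# Constructed sample inventory: host, reported version, exposure
SAMPLE_INVENTORY = """\
whd-dmz01,12.8.3 HF2,internet
whd-int01,12.8.5,internal
whd-int02,12.7.12,internal
whd-lab01,unknown,internal
whd-dmz02,12.8.6.2001,internet
"""

def parse_version(text):
    """Return the leading major.minor.patch as a tuple, or None if absent."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory):
    """List hosts below the fixed release, internet-facing ones first."""
    findings = []
    for line in inventory.strip().splitlines():
        host, version, exposure = [f.strip() for f in line.split(",")]
        parsed = parse_version(version)
        if parsed is None:
            # No usable version string: do not assume the host is patched
            status = "verify-manually"
        elif parsed < FIXED:
            status = "vulnerable"
        else:
            continue  # 12.8.5 or later
        # Ratings from the page: Internet-Facing HIGH, Internal Only MEDIUM
        priority = "HIGH" if exposure == "internet" else "MEDIUM"
        findings.append((host, version, status, priority))
    findings.sort(key=lambda f: (f[3] != "HIGH", f[0]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Hosts whose version cannot be parsed are listed for manual verification rather than treated as fixed.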

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to encrypted data stores
  • Multiple failed decryption attempts followed by successful access

Network Indicators:

  • Unexpected outbound connections from Web Help Desk server
  • Large data transfers from Web Help Desk system

SIEM Query:

source="web_help_desk" AND (event_type="data_access" OR event_type="decryption") | stats count by src_ip, user
