Critical WhatsUp Gold Vulnerabilities Demand Immediate Action

Summary: Progress Software has identified six critical vulnerabilities in its network monitoring application, WhatsUp Gold, which could allow unauthorized access and control over network infrastructure. Organizations are urged to upgrade to version 24.0.1 to mitigate these risks.

Threat Actor: Unknown
Victim: Progress Software customers | Progress Software

Key Points:

  • Six critical vulnerabilities have been discovered in WhatsUp Gold, affecting all versions below 24.0.1.
  • Vulnerabilities include CVE-2024-46909 and CVE-2024-8785, both with a CVSS score of 9.8, indicating high severity.
  • Previous vulnerabilities have already been exploited, highlighting the urgency for organizations to upgrade to version 24.0.1.
  • Progress Software is proactively contacting customers to ensure they address these vulnerabilities promptly.

In a recent security bulletin, Progress Software has announced the discovery of six critical vulnerabilities affecting its popular network monitoring application, WhatsUp Gold. Organizations worldwide rely on WhatsUp Gold to track the uptime and availability of servers and the services running on them. However, these newly identified vulnerabilities pose significant risks, potentially allowing unauthorized access and control over network infrastructure.

The six vulnerabilities affect all versions of WhatsUp Gold below 24.0.1. They have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers and severity scores:

  • CVE-2024-46909: CVSS 9.8
  • CVE-2024-8785: CVSS 9.8
  • CVE-2024-46908: CVSS 8.8
  • CVE-2024-46907: CVSS 8.8
  • CVE-2024-46906: CVSS 8.8
  • CVE-2024-46905: CVSS 8.8

While detailed information about these vulnerabilities is currently restricted to prevent exploitation, their high severity scores indicate that they could allow attackers to execute remote code, gain unauthorized access, or disrupt network services.

This isn’t the first time WhatsUp Gold has been in the security spotlight. Recently disclosed vulnerabilities, such as CVE-2024-4885—a critical unauthenticated remote code execution flaw impacting versions 23.1.2 and older—have already been exploited in the wild. Additionally, two SQL injection vulnerabilities, CVE-2024-6670 and CVE-2024-6671, have been used by hackers since August 30 to retrieve encrypted passwords without authentication.

These incidents underscore the urgency for organizations to address the newly discovered vulnerabilities promptly.

Progress Software is proactively reaching out to all WhatsUp Gold customers, urging them to upgrade their environments to the newly released version 24.0.1, which addresses all six vulnerabilities.

Source: https://securityonline.info/critical-whatsup-gold-vulnerabilities-demand-immediate-action