Critical Authentication Flaw in WhatsUp Gold Exposes Organizations to Attack



WhatsUp Gold, a popular network monitoring tool, contains multiple critical vulnerabilities in versions before 2024.0.0, exposing organizations to potential cyber attacks and unauthorized data access.

CVE-2024-6670 and CVE-2024-6671 are critical SQL Injection flaws (CVSS 9.8) that allow unauthenticated attackers to retrieve encrypted passwords in single-user setups, risking unauthorized system access.

CVE-2024-6672 is a privilege escalation vulnerability with a CVSS score of 8.8, allowing an authenticated low-privileged attacker to exploit SQL Injection to modify a privileged user’s password. By changing the password of higher-level users, the attacker can gain elevated access and perform restricted actions typically limited to administrators or other privileged roles.

This vulnerability creates a serious security risk, as it can lead to unauthorized control over sensitive settings, data, and functions within the system.

CVE-2024-7763 is a critical authentication bypass vulnerability with a CVSS score of 9.8, enabling attackers to obtain encrypted user credentials, potentially leading to unauthorized access to sensitive data and systems. This flaw can be exploited by bypassing typical authentication controls, leaving affected organizations vulnerable to data breaches and system compromise.

Organizations using WhatsUp Gold are strongly advised to assess their systems for signs of compromise. One recommended action is to review entries in the Alert Center Libraries, accessible under Settings > Actions and Alerts. Unusual data in the ‘Name’ column of this section could indicate unauthorized access or manipulation, serving as a potential indicator of exploitation.
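The advisory's one concrete indicator is unusual data in the 'Name' column of the Alert Center Libraries. The following script is an added example, not code from the advisory or from Progress: it reviews an exported list of library names (assumed to be available as rows with a "Name" field, e.g. from a CSV export) and flags entries that a human-chosen name should never contain, such as SQL comment or statement separators, SQL keywords, control characters, or implausible length. The sample rows are constructed for the example.

```python
"""
Heuristic review of Alert Center Library names for injection residue.
Added example; the export format (rows with a "Name" key) is an assumption,
and SAMPLE_ROWS are constructed, not real WhatsUp Gold data.
"""
import re
from typing import Iterable

# Tokens that have no place in an operator-chosen library or action name.
SUSPICIOUS_PATTERNS = [
    re.compile(r"'"),                                  # stray single quote
    re.compile(r"--|/\*|\*/|;"),                       # SQL comment / statement separators
    re.compile(r"\b(union|select|insert|update|delete|drop|exec|waitfor)\b", re.I),
    re.compile(r"\b(char|nchar|cast|convert)\s*\(", re.I),  # encoding/casting helpers
    re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]"),       # control characters
]
MAX_REASONABLE_NAME_LEN = 128  # assumption: real names are short, human-readable labels


def name_findings(name: str) -> list[str]:
    """Return a list of reasons a name looks suspicious (empty list if clean)."""
    findings = []
    for pat in SUSPICIOUS_PATTERNS:
        if pat.search(name):
            findings.append(f"matches {pat.pattern!r}")
    if len(name) > MAX_REASONABLE_NAME_LEN:
        findings.append(f"length {len(name)} exceeds {MAX_REASONABLE_NAME_LEN}")
    return findings


def review_library_names(rows: Iterable[dict]) -> list[dict]:
    """Return the rows whose 'Name' column triggered at least one finding."""
    flagged = []
    for row in rows:
        name = row.get("Name", "")
        reasons = name_findings(name)
        if reasons:
            flagged.append({"Name": name, "reasons": reasons})
    return flagged


# Constructed sample export: two ordinary names and three that warrant a look.
SAMPLE_ROWS = [
    {"Name": "Disk Space Warning"},
    {"Name": "CPU > 90% (Prod)"},
    {"Name": "abc' OR 1=1 --"},
    {"Name": "a" * 300},
    {"Name": "Alert\x00Library"},
]

if __name__ == "__main__":
    for hit in review_library_names(SAMPLE_ROWS):
        print(f"{hit['Name'][:40]!r}: {', '.join(hit['reasons'])}")
```

The output is a triage list, not a verdict: a legitimate name such as "O'Brien's escalation" will trip the single-quote check, so every flagged row still needs a human to compare it against change history and confirm who created it and when.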

Recommendation

  • Organizations should upgrade to WhatsUp Gold 2024.0.0 as soon as possible; this release fixes the vulnerabilities described above.
  • The upgrade can be performed directly from WhatsUp Gold 20.0.2 or newer.
  • Progress offers installation and upgrade support through its professional services team.
  • Before upgrading, check the system requirements and follow the steps in the Progress support article.
  • If you have an active service agreement, contact Progress Technical Support for help.
  • If your service agreement has expired, contact Progress Sales to renew your license.
  • These vulnerabilities highlight the need for regular software updates and sound security practices.
  • Users can contact Progress Technical Support or open a new support case online for questions or assistance.
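The recommendations above reduce to two version thresholds: anything below 2024.0.0 is affected, and a direct upgrade is supported from 20.0.2 or newer. The following helper is an added example (not Progress tooling) that turns an installed version string into a triage decision; it assumes dotted-integer version strings such as "2023.1.0" or "20.0.2" and ignores any surrounding text such as a build number.

```python
"""
Version triage for the WhatsUp Gold advisory.
Added example; the version-string format is an assumption.
"""
import re

FIXED_VERSION = (2024, 0, 0)       # first release that fixes the four CVEs
MIN_DIRECT_UPGRADE = (20, 0, 2)    # oldest version with a direct upgrade path


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the first dotted-integer version from text and pad to 3 parts."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))   # "2023.1" -> (2023, 1, 0)


def triage(version_text: str) -> dict:
    """Classify an installed version against the advisory's thresholds."""
    version = parse_version(version_text)
    affected = version < FIXED_VERSION
    direct_upgrade = version >= MIN_DIRECT_UPGRADE
    if not affected:
        action = "no action required for these CVEs"
    elif direct_upgrade:
        action = "upgrade directly to 2024.0.0"
    else:
        action = "older than 20.0.2: follow the Progress support article before upgrading"
    return {
        "version": ".".join(str(p) for p in version),
        "affected": affected,
        "direct_upgrade": direct_upgrade,
        "action": action,
    }


if __name__ == "__main__":
    for sample in ["2023.1.0", "20.0.1", "v2023.1 (Build 1234)", "2024.0.0"]:
        print(triage(sample))
```

Tuple comparison works here only because the product's numbering jumped from 2x.y.z releases to year-style 2023.x/2024.x releases, so 20.0.2 sorts below 2024.0.0 numerically; if you adapt this for a product whose scheme does not sort that way, compare against a release list instead.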


Published October 28th, 2024 (last updated 2024-11-04T23:25:34+05:30) | BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security

