Critical SQL Injection vulnerability in Progress WhatsUp Gold allows full system compromise

ISGroup Cybersecurity

CVE-2024-6670 is a critical vulnerability in the Progress Software WhatsUp Gold application, used for network monitoring and management. The vulnerability consists of an SQL Injection flaw that allows unauthenticated attackers to manipulate queries to the application’s database. This enables the retrieval of sensitive information, such as encrypted user passwords, without the need for any prior authentication.

This vulnerability has already been actively exploited, as indicated in the CISA Known Exploited Vulnerabilities catalog. It has received a CVSS score of 9.8, reflecting a high level of severity due to its potential impact on the confidentiality, integrity, and availability of affected systems. Exploitation began shortly after the publication of a proof-of-concept, highlighting the urgency for organizations to apply the available patches.

To mitigate the risk, users are advised to immediately apply the patches released by the vendor and ensure that WhatsUp Gold instances are not publicly accessible. Additional security measures such as robust password policies and restricting access to the application can help protect systems from this vulnerability.

ProductWhatsUp Gold
Date2024-09-19 08:02:01
Information
  • Trending
  • Fix Available
  • Active Exploitation

Technical Summary

A severe SQL injection vulnerability in Progress WhatsUp Gold allows unauthenticated attackers to modify the encrypted password of the sole user in systems configured with only one user. This could allow unauthorized access, leading to a complete system compromise. With confirmed exploitation already underway and the vulnerability now included in CISA’s Known Exploited Vulnerabilities catalog, it is critical to apply the available patches immediately to prevent unauthorized access.

Recommendations

To mitigate the risks associated with CVE-2024-6670 in WhatsUp Gold, it is essential to act immediately:

  1. Apply patches: Update to the latest version of WhatsUp Gold (version 2024.0.0 or later), which addresses this SQL Injection vulnerability.

  2. Restrict access: Ensure that the WhatsUp Gold application is not accessible from public networks. Restrict access only to trusted internal networks.

  3. Monitor indicators: Observe any anomalous data entries in the application, such as unusual activity in the “Name” column of the WhatsUp Gold interface, which could indicate a compromise.

By following these steps, you can significantly reduce the risk of exploitation and protect your network monitoring infrastructure from potential attacks.

[Callforaction-THREAT-Footer]