WhatsUp Gold is a widely used network monitoring tool developed by Progress Software, valued by organizations for managing IT infrastructure. A critical vulnerability (CVE-2024-8785) has been disclosed in versions of WhatsUp Gold prior to 24.0.1.
| Product | WhatsUp Gold |
| Date | 2024-12-10 16:07:04 |
| Information |
|
Technical Summary
CVE-2024-8785 stems from the improper use of a privileged API endpoint (NmAPI.exe) that allows unauthenticated remote attackers to modify the Windows Registry. Specifically, attackers can overwrite or create registry keys within HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch, redirecting the application’s behavior to load malicious code from attacker-controlled paths.
Recommendations
Update WhatsUp Gold to version 24.0.1 or later to mitigate this vulnerability.
[Callforaction-THREAT-Footer]
