Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords
CVE-2024-6670
Key Information:
- Vendor: Progress Software
- Status: Vendor
- CVE Published: 29 August 2024
Summary
An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Hackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being actively exploited and as known to enable ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
WhatsUp Gold Windows 2023.1.0
News Articles
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
4 months ago
Hackers targeting WhatsUp Gold with public exploit since August
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.
4 months ago
EPSS Score
91% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 🦅 CISA Reported
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published