Unauthenticated SQL Injection Vulnerability in WhatsUp Gold Users' Encrypted Passwords
CVE-2024-6671

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 29 August 2024

Badges

📰 News Worthy

Summary

A SQL injection vulnerability exists in WhatsUp Gold versions released before 2024.0.0. If the application is configured to allow access for only a single user, an unauthenticated attacker can retrieve that user's encrypted password, potentially compromising the account. The vulnerability highlights the importance of secure application configuration and adherence to security best practices.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

News Articles

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

4 months ago

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative.