Low-Privileged Authentication Bypass Vulnerability in WhatsUp Gold
CVE-2024-6672

8.8HIGH

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 29 August 2024

Summary

A SQL Injection vulnerability exists in WhatsUp Gold versions prior to 2024.0.0, allowing attackers with low privileges to modify the password of a privileged user. This security flaw can lead to unauthorized access, enabling the attacker to escalate their privileges and gain control over sensitive functionalities within the application. Organizations utilizing this software must evaluate their security posture and apply necessary patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative