Remote Code Execution Vulnerability in WhatsUp Gold

CVE-2024-8785

Summary

The vulnerability CVE-2024-8785 affects WhatsUp Gold versions released before 2024.0.1, allowing unauthenticated attackers to leverage NmAPI.exe to create or change registry values. This can lead to a remote code execution vulnerability, making it a critical issue. A PoC exploit for this vulnerability has been published, and it is important for users to upgrade to version 24.0.1 as soon as possible to mitigate the risk of exploitation. In the past, attackers have capitalized on publicly released PoC exploits for other WhatsUp Gold flaws, highlighting the urgency of addressing this vulnerability.

News Articles

Help Net Security

CVE-2024-42448CVE-2024-8785

Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console

1 month ago

Help Net Security

CVE-2024-8785

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution flaw in Progress WhatsUp Gold.

1 month ago

BleepingComputer

CVE-2024-8785

Exploit released for critical WhatsUp Gold RCE flaw, patch now

A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible.

1 month ago

References