Progress Software program warned prospects to patch a number of vital and high-severity vulnerabilities in its WhatsUp Gold community monitoring software as quickly as doable.
Nonetheless, although it launched WhatsUp Gold 24.0.1, which addressed the problems final Friday and revealed an advisory on Tuesday, the corporate has but to supply any particulars relating to these flaws.
“The WhatsUp Gold group has recognized six vulnerabilities that exist in variations under 24.0.1,” Progress warned prospects this week.
“We’re reaching out to all WhatsUp Gold prospects to improve their surroundings as quickly as doable to model 24.0.1, launched on Friday, September 20. If you’re operating a model older than 24.0.1 and you don’t improve, your surroundings will stay susceptible.”
The one data accessible is that the six vulnerabilities have been reported by Summoning Workforce’s Sina Kheirkhah, Pattern Micro’s Andy Niu, and Tenable researchers and have been assigned the next CVE IDs and CVSS base scores:
To improve to the newest model, obtain the WhatsUp Gold 24.0.1 installer from right here, run it on susceptible WhatsUp Gold servers, and comply with the prompts.
BleepingComputer contacted Progress to request extra particulars about these flaws, however a response was not instantly accessible.
Since August 30, attackers have been exploiting two WhatsUp Gold SQL injection vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671. Each flaws have been patched on August 16 after being reported to Progress by security researcher Sina Kheirkhah by way of the Zero Day Initiative (ZDI) on Might 22.
Kheirkhah launched proof-of-concept (PoC) exploit code for the vulnerabilities two weeks after they have been fastened on August 30 (cybersecurity agency Pattern Micro believes the attackers have used his PoC exploit to bypass authentication and obtain distant code execution).
In early August, risk monitoring group Shadowserver Basis additionally noticed makes an attempt to take advantage of CVE-2024-4885, a vital distant code execution WhatsUp Gold vulnerability disclosed on June 25. Kheirkhah additionally found CVE-2024-4885 and revealed full particulars on his weblog two weeks later.
