Back to Blog

OSOC Update: Critical SQL Vulnerability in Progress WhatsUp Gold

By
Rob Kraus
,
Vice President, Security Services
Contents

Evolve Security is writing to update you of a critical SQL vulnerability identified as CVE-2024-6670 in Progress WhatsUp Gold. It is worth underlining that threat actors are actively exploiting proof of concept (PoC) exploits to conduct opportunistic attacks.

Vulnerability Overview

CVE-2024-6670 is a critical SQL injection vulnerability, assigned a CVSS v3score of 9.8. Security researcher Sina Kheirkhah from Summoning Team discovered if WhatsUp Gold is configured with only a single user, attackers without prior authentication can exploit this vulnerability to access encrypted passwords. This CVE affects all versions of the WhatsUp Gold network monitoring software prior to version 2024.0.0. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) list on September 16, 2024 indicating it has been targeted and exploited in the wild.

Observed exploitation attempts indicate attackers bypassing WhatsUp Gold’s authentication and installing remote access tools. The use of these tools suggests attackers may be setting up for ransomware deployment.

Remediation Guidance

The developer, Progress Software, issued a patch for this critical vulnerability in August 2024, along with CVE-2024-6671. To safeguard your systems, make sure to upgrade to WhatsUp Gold version 2024.0.0 or newer. Progress Software has noted that unusual entries in the "Name" column of the WhatsUp Gold user interface might indicate compromise. You can investigate this further by going to Settings > Actions and Alerts > Alert Center Libraries > Threshold tab.

References

https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/

https://www.cve.org/CVERecord?id=CVE-2024-6670

https://nvd.nist.gov/vuln/detail/CVE-2024-6670

https://github.com/sinsinology/CVE-2024-6670

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

Evolve Security Actions

Evolve security has reviewed all client vulnerability data and determined there are no instances of this vulnerability identified across our client base. However, it is still recommended organizations proactively identify vulnerable versions and apply remediation recommendations as appropriate. Most organizations do not include all assets in their regular vulnerability testing so it is important to validate applicability to those assets that may not be in the regular scope for testing.

WHITE PAPER
Empower your organization against cyber threats! Use our groundbreaking insights on Managing Risks With External Attack Surface Management

Uncover the strategies to fortify your defenses in our latest whitepaper. Don't wait – safeguard your future now!
Get Whitepaper

Ready to find more vulnerabilities than your last pentest?

Unlock your organization's full security potential and uncover even more vulnerabilities than before by choosing our advanced penetration testing services.

Get started

Other blog posts

View More
Name of the article on an abstract background

Must Know Pentest Findings June 2024

Explore the latest insights from Evolve Security's Offensive Security team in their June 2024 pentest findings. Discover critical vulnerabilities such as NBNS and LLMNR spoofing, PHP RCE, and the persistent threat of EternalBlue. Learn essential fixes and strategies to fortify your network against these exploits, emphasizing proactive security measures and the shift towards Continuous Pentesting for enhanced resilience. Stay ahead in safeguarding your systems with Evolve Security’s expert recommendations.

Arrow Forward Icon
View more