OSOC Update: Critical SQL Vulnerability in Progress WhatsUp Gold

By Rob Kraus, Vice President, Security Services

Evolve Security is writing to update you on a critical SQL injection vulnerability, tracked as CVE-2024-6670, in Progress WhatsUp Gold. It is worth underlining that threat actors are actively using publicly available proof-of-concept (PoC) exploits to conduct opportunistic attacks.

Vulnerability Overview

CVE-2024-6670 is a critical SQL injection vulnerability with a CVSS v3 score of 9.8. Security researcher Sina Kheirkhah of Summoning Team discovered that when WhatsUp Gold is configured with only a single user, an attacker without prior authentication can exploit this vulnerability to access encrypted passwords. The CVE affects all versions of the WhatsUp Gold network monitoring software prior to version 2024.0.0. It was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on September 16, 2024, indicating that it has been targeted and exploited in the wild.

Observed exploitation attempts show attackers bypassing WhatsUp Gold's authentication and installing remote access tools. The use of these tools suggests attackers may be staging for ransomware deployment.

Remediation Guidance

The developer, Progress Software, issued a patch for this critical vulnerability in August 2024, along with CVE-2024-6671. To safeguard your systems, make sure to upgrade to WhatsUp Gold version 2024.0.0 or newer. Progress Software has noted that unusual entries in the "Name" column of the WhatsUp Gold user interface might indicate compromise. You can investigate this further by going to Settings > Actions and Alerts > Alert Center Libraries > Threshold tab.
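The remediation boils down to one question per asset: is the installed WhatsUp Gold version below 2024.0.0, and if so, is it the single-user configuration that allows unauthenticated exploitation? The script below is an added example written for this advisory, not code from Evolve Security or Progress Software. It compares version strings numerically rather than lexicographically, pads short forms such as "2023.1" to three fields, and ranks findings so that vulnerable single-user installs surface first. The inventory records, host names and user counts are constructed sample data, and the field names ("product", "version", "user_count") are an assumed inventory schema.

```python
import re
from dataclasses import dataclass

# Patched release named in the Progress bulletin; every earlier version is affected.
FIXED_VERSION = "2024.0.0"


def parse_version(version: str) -> tuple[int, ...]:
    """Convert a dotted version string into a tuple of ints for numeric comparison.

    Comparing fields as integers avoids the classic mistake of comparing version
    strings lexicographically (where '9' sorts after '10'). Short forms such as
    '2023.1' are padded with zeros so that '2024' == '2024.0.0'.
    """
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Finding:
    host: str
    version: str
    vulnerable: bool
    # Per the advisory, a single-user configuration is the case that allows
    # unauthenticated exploitation, so it is ranked as the highest risk.
    unauthenticated_exposure: bool


def triage(inventory: list[dict]) -> list[Finding]:
    """Flag every WhatsUp Gold install below the fixed version, highest risk first."""
    findings = []
    for asset in inventory:
        if asset.get("product") != "WhatsUp Gold":
            continue  # other products are out of scope for this CVE
        vulnerable = is_vulnerable(asset["version"])
        findings.append(Finding(
            host=asset["host"],
            version=asset["version"],
            vulnerable=vulnerable,
            unauthenticated_exposure=vulnerable and asset.get("user_count", 0) == 1,
        ))
    # Order: exposed-and-vulnerable first, then vulnerable, then patched.
    findings.sort(key=lambda f: (not f.unauthenticated_exposure, not f.vulnerable, f.host))
    return findings


# Constructed sample inventory: hypothetical hosts and values, not real assets.
SAMPLE_INVENTORY = [
    {"host": "wug-prod-01", "product": "WhatsUp Gold", "version": "2023.1.0", "user_count": 1},
    {"host": "wug-lab-02", "product": "WhatsUp Gold", "version": "2024.0.0", "user_count": 1},
    {"host": "wug-dr-03", "product": "WhatsUp Gold", "version": "2022.1", "user_count": 4},
    {"host": "wug-new-04", "product": "WhatsUp Gold", "version": "2024.0.1", "user_count": 2},
    {"host": "nms-05", "product": "Other NMS", "version": "1.0", "user_count": 1},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        if not f.vulnerable:
            status = "PATCHED"
        elif f.unauthenticated_exposure:
            status = "VULNERABLE (single user: unauthenticated exposure)"
        else:
            status = "VULNERABLE"
        print(f"{f.host:12} {f.version:10} {status}")
```

Feed it the export from whatever asset inventory or scanner you use; the point of the numeric comparison is that a plain string sort would silently misclassify some version strings, and the point of the user-count field is that patch priority should follow the exposure condition the advisory describes, not just the version number.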

References

https://summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/

https://www.cve.org/CVERecord?id=CVE-2024-6670

https://nvd.nist.gov/vuln/detail/CVE-2024-6670

https://github.com/sinsinology/CVE-2024-6670

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

Evolve Security Actions

Evolve Security has reviewed all client vulnerability data and determined that there are no instances of this vulnerability across our client base. However, it is still recommended that organizations proactively identify vulnerable versions and apply the remediation recommendations as appropriate. Most organizations do not include all assets in their regular vulnerability testing, so it is important to validate applicability for assets that may fall outside the regular testing scope.
