Advisory

WhatsUp Gold reports another round of critical flaws

Take action: If you are using Progress WhatsUp Gold, consider isolating it from the internet, although that usually isn't practical for network monitoring tools. So plan to update it VERY SOON. There is now a PoC for one of the flaws, so it's just a matter of time before these flaws are attacked.


Learn More

Progress Software has disclosed six vulnerabilities, two of them critical, in WhatsUp Gold, its network monitoring solution. The flaws affect versions below 24.0.1 and could allow attackers to gain unauthorized access to networks.

Vulnerability Summary:

  • CVE-2024-46909 (CVSS Score 9.8) - Critical flaw that can enable remote code execution.

  • CVE-2024-8785 (CVSS Score 8.8) - Critical vulnerability allowing unauthorized access.

  • CVE-2024-46908 (CVSS Score 8.8) - Vulnerability allowing unauthorized access to network information.

  • CVE-2024-46907 (CVSS Score 8.8) - Exploitable flaw potentially providing access to network systems.

  • CVE-2024-46906 (CVSS Score 8.8) - Input validation vulnerability that could allow unauthorized access.

  • CVE-2024-46905 (CVSS Score 8.8) - Vulnerability that allows unauthorized system access.

All versions of WhatsUp Gold below 24.0.1 are vulnerable. Users running outdated versions are strongly advised to upgrade to the latest release to protect their systems.

If assistance is needed, users can reach out to WhatsUp Gold's professional services team or technical support for help with the upgrade.

Update - as of 2nd of December 2024, researchers from Tenable have published a proof-of-concept (PoC) exploit for CVE-2024-8785.

 
