H-ISAC TLP White: Vulnerability Bulletin: Green Batch of Critical Vulnerabilities in Progress WhatsUp Gold

August 23, 2024

Progress Software disclosed a batch of critical vulnerabilities affecting WhatsUp Gold. WhatsUp Gold is a network monitoring application that allows users to track the uptime and availability of servers and services running on them.

The set of vulnerabilities affects WhatsUp Gold versions older than 2024.0.0 and stems from SQL injection (SQLi) flaws, which can allow adversaries to gain unauthorized access to sensitive data and escalate privileges within the network. The vulnerabilities include:

  • CVE-2024-6670
  • CVE-2024-6671
  • CVE-2024-6672

Of the three vulnerabilities, CVE-2024-6670 and CVE-2024-6671 can be exploited to allow an attacker to retrieve encrypted passwords through SQL injection attacks against instances configured with a single user.

The other vulnerability, tracked as CVE-2024-6672, likely involves additional steps within the kill chain, as successful exploitation requires the adversary to be authenticated. However, once the adversary has acquired the necessary credentials, the vulnerability allows them to escalate the privileges of the compromised account by modifying a privileged user's password.

There is currently no evidence that these vulnerabilities are being actively exploited. However, given the active exploitation of a previous WhatsUp Gold vulnerability, Health-ISAC encourages users to upgrade affected Progress WhatsUp Gold versions as soon as possible.


For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272