WhatsUp Gold, a network monitoring solution built by Progress Software, contained numerous critical and high-severity vulnerabilities, putting its users at high risk of various cyber-attacks. The bugs were recently fixed and the company urged users to apply the fixes immediately.
Progress recently published a new security advisory in which it warned WhatsUp Gold users about the flaws and announced the release of the patch.
However, the advice does not discuss what the shortcomings are or how they may have been exploited.
Add a chip to the cartridge
The defects are listed as:
CVE-2024-46905: CVSS 8.8/10
CVE-2024-46906: CVSS 8.8/10
CVE-2024-46907: CVSS 8.8/10
CVE-2024-46908: CVSS 8.8/10
CVE-2024-46909: CVSS 9.8/10
CVE-2024-8785: CVSS 9.8/10
There were six vulnerabilities in total, two of which were rated as critical: 9.8/10.
Progress Software said the first fixed version is 24.0.1:
“The WhatsUp Gold team has identified six vulnerabilities that exist in versions earlier than 24.0.1,” the advisory reads. “We are contacting all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are using a version older than 24.0.1 and you are not upgrading, your environment will remain vulnerable.”
WhatsUp Gold is network monitoring software designed to provide comprehensive visibility into an organization’s IT infrastructure. It allows users to monitor devices, applications, servers and network traffic in real time, quickly identifying and resolving performance issues.
To install the latest version, go to Progress’ product list pagedownload the latest version and run it on your WhatsUp Gold server. Then just follow the directions. Since there are no details about the defects, we don’t know if they have already been abused in the wild.
Via BleepingComputer