A critical security flaw in Progress WhatsUp Gold, a popular network monitoring tool, has been exposed with the release of a proof-of-concept (PoC) exploit.
The vulnerability, identified as CVE-2024-8785, affects versions of WhatsUp Gold prior to 24.0.1 and poses a significant risk to organizations using the affected software.
The security issue is a registry overwrite remote code execution vulnerability present in the NmAPI.exe component of WhatsUp Gold.
This flaw allows an unauthenticated remote attacker to achieve remote code execution on the affected system, potentially leading to a complete compromise of the target machine.
Security experts at Tanable observed that the vulnerability stems from the UpdateFailoverRegistryValues operation contract implemented in NmAPI.exe, a Windows Communication Foundation (WCF) application.
An attacker can exploit this weakness to modify or create registry values under specific paths in the Windows Registry.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Risk Information
.webp)
The attack vector involves the following steps:-
- An unauthenticated attacker invokes the UpdateFailoverRegistryValues operation via a netTcpBinding at net.tcp://:9643.
- The attacker modifies the registry value for the WhatsUp Gold installation directory to point to a UNC path under their control.
- When the Ipswitch Service Control Manager service restarts, it reads manifest files from the attacker-controlled location.
- The attacker can then specify malicious processes to be executed by the service, effectively achieving remote code execution.
The vulnerability has been assigned a Critical risk factor, with a CVSSv3 score indicating the highest possible impact:-
- CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Risk Factor: Critical
This scoring reflects the ease of exploitation and the potential for complete system compromise without requiring authentication or user interaction.
Progress has released a patch to address this vulnerability. Organizations using WhatsUp Gold are strongly advised to take the following action:-
- Upgrade to WhatsUp Gold version 24.0.1 or later immediately.
The vulnerability was responsibly disclosed by Tenable to Progress over several months, with the final patch release and CVE assignment occurring on December 2, 2024.
Security professionals and system administrators are urged to prioritize this update to protect their network monitoring infrastructure from potential exploitation.
Analyse Advanced Malware & Phishing Analysis With ANY.RUN Black Friday Deals : Get up to 3 Free Licenses.