Threat Advisory

Critical WhatsUp Gold RCE Flaw Enables Arbitrary Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical remote code execution vulnerability in Progress WhatsUp Gold, identified as CVE-2024-8785, has been disclosed. This flaw, present in NmAPI.exe, allows unauthenticated attackers to modify sensitive Windows registry keys, enabling them to redirect configuration file locations to attacker-controlled shares and execute arbitrary code upon service restarts. Exploitation requires no authentication and poses a significant risk due to the network accessibility of the NmAPI.exe service.

 

  • CVE-2024-8785: A remote code execution vulnerability in Progress WhatsUp Gold, with a CVSS score of 9.8, is caused by improper input validation in the NmAPI.exe process, allowing attackers to manipulate the Windows registry and execute arbitrary code.

 

Applying the latest updates to WhatsUp Gold is essential to mitigate the vulnerability. Ensuring prompt action will reduce risks and maintain network security.

RECOMMENDATION:

  • We strongly recommend you update Progress WhatsUp Gold to version 24.0.1.

REFERENCES:

The following reports contain further technical details:
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-whatsup-gold-rce-flaw-patch-now/

crossmenu