Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold


The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures.

WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations. Identified as CVE-2024-5008, WhatsUp Gold versions prior to 2023.1.3 allow an authenticated threat actor with the Application Monitoring (APM) privilege to upload an arbitrary file, which can further lead to remote code execution, earning a high CVSS score of 8.8.

Read more…
Source: SonicWall


Sign up for our Newsletter


Related:

  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day

    April 10, 2017

    This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...

  • Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

    March 28, 2017

    Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple warned. The lion’s share of ...

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...