Blog
Share This Post
[ad_1]
A proof-of-concept exploit has been released for CVE-2024-8785, a critical remote code execution vulnerability in Progress WhatsUp Gold, according to BleepingComputer.
The flaw is rated 9.8 on the CVSS scale and affects WhatsUp Gold versions from 2023.1.0 to before 24.0.1. It resides in the NmAPI.exe process, which handles network management API requests. Insufficient data validation allows attackers to send crafted requests to alter sensitive Windows registry keys. This enables them to manipulate configuration file paths, directing the system to attacker-controlled locations. Upon a service restart, the system may execute malicious files, granting attackers remote code execution capabilities. Exploitation is unauthenticated and network-accessible, significantly elevating risk. Discovered by Tenable last August, the flaw was addressed by Progress Software in its version 24.0.1 update, which was released in September. The company urged administrators to update affected deployments immediately. The urgency is heightened by prior public exploits targeting WhatsUp Gold, including critical remote code execution and SQL injection vulnerabilities, which attackers have used to compromise networks and gain administrator access.
Get essential knowledge and practical strategies to fortify your applications.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
