
WARNING: MULTIPLE VULNERABILITIES IN WHATSUP GOLD, PATCH IMMEDIATELY!

Reference: 
Advisory #2025-03
Version: 
1.0
Affected software: 
WhatsUp Gold prior to 24.0.2
Type: 
Unauthorized access, manipulation of configurations, information disclosure
CVE/CVSS: 
CVE-2024-12108: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
CVE-2024-12106: CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2024-12105: CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Sources

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-...

Risks

WhatsUp Gold published a security advisory for multiple vulnerabilities. Two of the vulnerabilities are critical and one is medium. Successful exploitation of the vulnerabilities gives an attacker full access to the WhatsUp Gold server and allows them to view sensitive information and change LDAP configurations, which can further impact an enterprise environment. The impact on the confidentiality and integrity of the systems is severe, and the vulnerabilities can be exploited remotely without prior authentication.
 
Given the severe impact of these vulnerabilities, the low complexity required to exploit them successfully and the fact that WhatsUp Gold has been targeted by threat actors in the past, it is important to patch these vulnerabilities as soon as possible.

Description

CVE-2024-12108 allows an attacker to gain access to the WhatsUp Gold server via the public API.
CVE-2024-12106 allows an unauthenticated attacker to manipulate the LDAP configurations.
CVE-2024-12105 allows an authenticated user to view sensitive information by crafting a special HTTP request.

Recommended actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/nl/cert/een-incident-melden.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References