Click here to visit Original posting
WhatsUp Gold, a network monitoring solution built by Progress Software, carried numerous critical and high-severity vulnerabilities, which placed its users at great risk of different cyberattacks. The flaws were recently addressed, and the company urged the users to apply the fixes immediately.
Progress recently published a new security advisory in which it warned WhatsUp Gold users of the flaws and announced the release of the patch.
The advisory, however, does not discuss what the flaws are or how they might have been abused.
Adding a chip to the cartridge
The flaws are listed as:
CVE-2024-46905: CVSS 8.8/10
CVE-2024-46906: CVSS 8.8/10
CVE-2024-46907: CVSS 8.8/10
CVE-2024-46908: CVSS 8.8/10
CVE-2024-46909: CVSS 9.8/10
CVE-2024-8785: CVSS 9.8/10
In total, there were six vulnerabilities, two of which are rated critical - 9.8/10.
Progress Software said that the first fixed version is 24.0.1:
"The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1," the advisory reads. "We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are running a version older than 24.0.1 and you do not upgrade, your environment will remain vulnerable."
WhatsUp Gold is a network monitoring software designed to provide comprehensive visibility into an organization’s IT infrastructure. It enables users to monitor devices, applications, servers, and network traffic in real time, helping to quickly identify and resolve performance issues.
To install the latest version, visit Progress’ product list page, download the latest version, and run it on your WhatsUp Gold server. After that, just follow the prompts. Since there are no details about the flaws, we don’t know if they have been abused in the wild already.
Via BleepingComputer
More from TechRadar Pro
- Progress warns Telerik Report Server has a critical security bug
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now