Progress fixes Critical vulnerability in WhatsUp Gold

Progress Software has disclosed a critical vulnerability in its popular network monitoring solution, WhatsUp Gold, that exposes organizations to potential cyberattacks by allowing unauthorized access to user credentials.

The vulnerability, tracked as CVE-2024-7763 with a CVSS score of 9.8, enables attackers to bypass authentication controls and obtain encrypted user credentials. It poses a critical risk to any network running an affected version, which includes all versions released before 2024.0.0. Access to those encrypted credentials potentially opens the door to further unauthorized access.

CVE-2024-7763 joins a list of high-risk vulnerabilities in WhatsUp Gold revealed in Progress’s August security bulletin. Two other vulnerabilities, CVE-2024-6670 and CVE-2024-6671, also have a CVSS score of 9.8 (exploited in the wild) and enable SQL injection attacks that could compromise encrypted passwords in single-user configurations.

To protect against these vulnerabilities, Progress strongly advises WhatsUp Gold users to upgrade to the latest release, version 2024.0.0 or newer. For administrators seeking signs of compromise, the Settings > Actions and Alerts > Alert Center Libraries > Threshold tab should be reviewed for unusual entries in the “Name” column.
