Platform
windows
Component
whatsup-gold
Fixed in
2024.0.1
CVE-2024-46909 is a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold monitoring software. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system, potentially leading to complete system takeover. The vulnerability impacts versions 2023.1.0 through 2024.0, and a patch is available in version 2024.0.1.
The impact of CVE-2024-46909 is severe. Successful exploitation allows an attacker to execute code with the privileges of the WhatsUp Gold service account. This could enable them to install malware, steal sensitive data, modify system configurations, or even pivot to other systems on the network. Given the monitoring nature of WhatsUp Gold, attackers could potentially gain access to network diagrams, server inventories, and other critical infrastructure information. The lack of authentication required for exploitation significantly broadens the attack surface, making it a high-priority risk.
CVE-2024-46909 was publicly disclosed on December 2, 2024. While no public proof-of-concept (PoC) code has been released as of this writing, the CRITICAL severity and ease of exploitation (unauthenticated remote access) suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its severity warrants close monitoring. Active campaigns targeting this vulnerability are possible.
Organizations heavily reliant on WhatsUp Gold for network monitoring and performance management are particularly at risk. Environments with limited network segmentation or exposed monitoring servers are especially vulnerable. Shared hosting environments where multiple customers share the same WhatsUp Gold instance also face increased risk.
• windows / supply-chain: `Get-Process -Name "WhatsUpGoldService" | Select-Object -ExpandProperty Path`
• windows / supply-chain: `Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WhatsUp Gold Service']]]" -MaxEvents 10`
• generic web: `curl -I https://<your_whatsupgold_server>/` (check for unexpected responses or exposed endpoints)
Disclosure
Exploit status
EPSS
28.84% (97th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-46909 is to immediately upgrade to WhatsUp Gold version 2024.0.1 or later. If upgrading is not immediately feasible, consider segmenting the WhatsUp Gold server from critical network resources to limit the potential blast radius. While a direct workaround isn't available, implementing strict network access controls to restrict external access to the WhatsUp Gold server can reduce the attack surface. Monitor WhatsUp Gold logs for suspicious activity, particularly attempts to access or modify system files. After upgrading, confirm the vulnerability is resolved by attempting a test exploit (if safe to do so in a non-production environment) or by verifying that the relevant code paths have been patched.
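As an added example (not code from the advisory or from Progress), the following PowerShell script turns the process check above into a version triage against the affected range (2023.1.0 through 2024.0) and the fixed release (2024.0.1). It assumes the service process is named WhatsUpGoldService, as in the check above, and that the binary's ProductVersion tracks the product release; both are assumptions to confirm against your installation.

```powershell
# Added example: triage a Windows host for the CVE-2024-46909 affected range.
# Assumptions (not from the advisory): the service process is "WhatsUpGoldService"
# and its binary's ProductVersion follows the product release numbering.
# Run in an elevated session so Get-Process can read the service's Path.

function Test-WhatsUpGoldAffected {
    param([Parameter(Mandatory)][string]$Version)
    # Keep only the leading numeric dotted part (drops any build suffix such as "-beta").
    if ($Version -notmatch '^\d+(\.\d+)+') { throw "Unrecognised version string: $Version" }
    $parts = $Matches[0].Split('.')
    # Pad two-part releases such as "2024.0" to "2024.0.0" so [version] comparison is exact.
    while ($parts.Count -lt 3) { $parts += '0' }
    $v = [version]($parts[0..2] -join '.')
    $firstAffected = [version]'2023.1.0'   # first affected release per the advisory
    $fixed         = [version]'2024.0.1'   # first fixed release per the advisory
    return ($v -ge $firstAffected -and $v -lt $fixed)
}

function Get-WhatsUpGoldTriage {
    $proc = Get-Process -Name 'WhatsUpGoldService' -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if (-not $proc -or -not $proc.Path) {
        # Not running, or the path is not readable from this session.
        return [pscustomobject]@{ Installed = $false; Path = $null; Version = $null; Affected = $null }
    }
    $ver = (Get-Item $proc.Path).VersionInfo.ProductVersion
    [pscustomobject]@{
        Installed = $true
        Path      = $proc.Path
        Version   = $ver
        Affected  = Test-WhatsUpGoldAffected -Version $ver
    }
}

# Usage: prints Installed/Path/Version/Affected for this host.
Get-WhatsUpGoldTriage | Format-List
```

Affected = True means the host still runs a release in the 2023.1.0–2024.0 window and the upgrade to 2024.0.1 or later has not taken effect.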
Update WhatsUp Gold to version 2024.0.1 or later. The update fixes the directory traversal and remote code execution vulnerability. See the Progress security bulletin for more details and update instructions.
CVE-2024-46909 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2024.0, allowing unauthenticated attackers to execute code.
If you are running WhatsUp Gold versions 2023.1.0 through 2024.0, you are affected by this vulnerability. Upgrade to 2024.0.1 or later.
Upgrade to WhatsUp Gold version 2024.0.1 or later to patch the vulnerability. Consider network segmentation as a temporary mitigation.
While no public exploits are currently available, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation.
Refer to the official WhatsUp Gold security advisory for detailed information and patch download links: [https://www.whatsupgold.com/security-advisories](https://www.whatsupgold.com/security-advisories)