無料スキャン
CRITICALCVE-2024-7763CVSS 9.8

WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

翻訳中…

プラットフォーム

nagios

コンポーネント

whatsup-gold

修正版

2024.0.0

AI Confidence: highNVDEPSS 0.2%レビュー済み: 2026年5月
NVDで見る
保存
あなたの言語に翻訳中…

CVE-2024-7763 describes an Authentication Bypass vulnerability affecting WhatsUp Gold versions 2023.1.0 through 2024.0.0. This flaw allows an attacker to potentially obtain encrypted user credentials, compromising the security of the monitoring environment. A fix is available in version 2024.0.0, and users are strongly advised to upgrade immediately.

影響と攻撃シナリオ翻訳中…

The impact of CVE-2024-7763 is severe. Successful exploitation allows an attacker to bypass authentication mechanisms and gain access to encrypted user credentials. This could lead to unauthorized access to sensitive network data, including configuration details, performance metrics, and potentially even administrative controls. Compromised credentials could be used for lateral movement within the network, allowing the attacker to escalate privileges and further compromise systems. The blast radius extends to any systems monitored by WhatsUp Gold, as the attacker could leverage stolen credentials to gain insights into the entire network infrastructure.

悪用の状況翻訳中…

CVE-2024-7763 was publicly disclosed on 2024-10-24. The vulnerability's severity is rated as CRITICAL (CVSS 9.8). Currently, there are no publicly available proof-of-concept exploits, but the ease of exploitation suggested by the authentication bypass nature raises concerns about potential rapid exploitation. It is not currently listed on CISA KEV, but its criticality warrants close monitoring.

リスク対象者翻訳中…

Organizations heavily reliant on WhatsUp Gold for network monitoring are particularly at risk. This includes managed service providers (MSPs) who manage monitoring for multiple clients, as a single compromised WhatsUp Gold instance could impact numerous networks. Environments with weak password policies or a lack of MFA are also at heightened risk.

検出手順翻訳中…

• nagios / server:

journalctl -u whats_gold -g 'authentication bypass'

• nagios / server:

ps aux | grep -i 'authentication bypass'

• nagios / server: Check WhatsUp Gold logs for unusual authentication patterns or failed login attempts. • nagios / server: Review user account permissions and ensure least privilege is enforced.

攻撃タイムライン

  1. Disclosure

    disclosure

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
インターネット露出

EPSS

0.20% (42% パーセンタイル)

CISA SSVC

悪用状況none
自動化可能yes
技術的影響total

CVSS ベクトル

脅威インテリジェンス· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H9.8CRITICALAttack VectorNetwork攻撃者がターゲットに到達する方法Attack ComplexityLow悪用に必要な条件Privileges RequiredNone攻撃に必要な認証レベルUser InteractionNone被害者の操作が必要かどうかScopeUnchanged影響コンポーネント外への波及ConfidentialityHigh機密データ漏洩のリスクIntegrityHigh不正データ改ざんのリスクAvailabilityHighサービス障害のリスクnextguardhq.com · CVSS v3.1 基本スコア
これらのメトリクスの意味は?
Attack Vector
ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
Attack Complexity
低 — 特別な条件不要。安定して悪用可能。
Privileges Required
なし — 認証不要。資格情報なしで悪用可能。
User Interaction
なし — 自動かつ無音の攻撃。被害者は何もしない。
Scope
変化なし — 影響は脆弱なコンポーネントのみ。
Confidentiality
高 — 機密性の完全喪失。全データが読み取り可能。
Integrity
高 — 任意のデータの書き込み・変更・削除が可能。
Availability
高 — 完全なクラッシュまたはリソース枯渇。完全なサービス拒否。

影響を受けるソフトウェア

コンポーネントwhatsup-gold
ベンダーProgress Software Corporation
影響範囲修正版
2023.1.0 – 2024.0.02024.0.0

弱点分類 (CWE)

CWE-287

タイムライン

  1. 予約済み
  2. 公開日
  3. 更新日
  4. EPSS 更新日

緩和策と回避策翻訳中…

The primary mitigation for CVE-2024-7763 is to upgrade to WhatsUp Gold version 2024.0.0 or later, which contains the fix. If immediate upgrade is not possible due to compatibility issues or testing requirements, consider implementing stricter access controls and multi-factor authentication (MFA) to limit the impact of a potential compromise. Monitor WhatsUp Gold logs for suspicious authentication attempts. After upgrading, confirm the fix by attempting to reproduce the authentication bypass scenario and verifying that it is no longer possible.

修正方法翻訳中…

Actualice WhatsUp Gold a la versión 2024.0.0 o posterior. Esta actualización corrige la vulnerabilidad de omisión de autenticación que permite a un atacante obtener credenciales de usuario cifradas. Consulte el boletín de seguridad de Progress para obtener más detalles e instrucciones de actualización.

CVEセキュリティニュースレター

脆弱性分析と重要アラートをメールでお届けします。

よくある質問翻訳中…

What is CVE-2024-7763 — Authentication Bypass in WhatsUp Gold?

CVE-2024-7763 is a critical vulnerability in WhatsUp Gold versions 2023.1.0–2024.0.0 that allows attackers to bypass authentication and obtain encrypted user credentials, potentially compromising network monitoring data.

Am I affected by CVE-2024-7763 in WhatsUp Gold?

If you are running WhatsUp Gold versions 2023.1.0 through 2024.0.0, you are potentially affected by this vulnerability. Upgrade to 2024.0.0 to mitigate the risk.

How do I fix CVE-2024-7763 in WhatsUp Gold?

The recommended fix is to upgrade to WhatsUp Gold version 2024.0.0 or later. If immediate upgrade is not possible, implement stricter access controls and MFA.

Is CVE-2024-7763 being actively exploited?

While no public exploits are currently available, the ease of exploitation makes active exploitation a possibility. Monitor your systems closely and apply the patch as soon as possible.

Where can I find the official WhatsUp Gold advisory for CVE-2024-7763?

Refer to the official WhatsUp Gold security advisory for detailed information and updates: [https://www.whatsmsgold.com/security-advisories](https://www.whatsmsgold.com/security-advisories)

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索