Platform: nagios
Component: whatsup-gold
Fixed version: 2024.0.2
CVE-2024-12106 describes a critical vulnerability in WhatsUp Gold versions 2023.1.0 through 2024.0.2. This flaw allows an unauthenticated attacker to configure LDAP settings, posing a significant risk to system security and data integrity. The vulnerability was published on December 31, 2024, and a patch is available in version 2024.0.2.
The ability for an unauthenticated attacker to configure LDAP settings within WhatsUp Gold represents a severe security risk. Attackers could potentially manipulate LDAP configurations to redirect authentication requests, inject malicious data, or gain unauthorized access to sensitive information stored within the LDAP directory. This could lead to data breaches, privilege escalation, and ultimately, complete system compromise. The lack of authentication required for this configuration change significantly broadens the attack surface and increases the likelihood of exploitation. Successful exploitation could allow attackers to impersonate legitimate users, access confidential data, and disrupt WhatsUp Gold's monitoring capabilities.
CVE-2024-12106 has a high probability of exploitation due to its unauthenticated nature and the potential for significant impact. Public proof-of-concept exploits are not currently available, but the ease of exploitation makes it a likely target for opportunistic attackers. The vulnerability was disclosed on December 31, 2024, and has been added to the CISA KEV catalog, indicating a heightened level of concern. Active campaigns targeting this vulnerability are not yet confirmed, but the severity warrants proactive monitoring and mitigation.
Organizations heavily reliant on WhatsUp Gold for network monitoring and performance management are particularly at risk. Environments with exposed LDAP services or weak LDAP security configurations are also highly vulnerable. Shared hosting environments where multiple customers share the same WhatsUp Gold instance should be prioritized for patching.
• nagios / server: journalctl -u whatsupgold | grep -i ldap
• nagios / server: ps aux | grep -i ldapconfig
• nagios / server: Check WhatsUp Gold configuration files for unusual LDAP settings.
• nagios / server: Review WhatsUp Gold audit logs for unauthorized LDAP configuration changes.
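The last check above, reviewing audit logs for LDAP configuration changes that no authenticated user made, is the one most worth automating. The script below is an added example written for this page, not Progress or WhatsUp Gold tooling: the pipe-delimited audit-log layout, the LDAP_CONFIG_CHANGE event name and the sample lines are all constructed assumptions, so LINE_RE and the event name must be adapted to the real log format before use.

```python
"""Flag LDAP configuration changes in an audit log that lack an authenticated actor.

Example added to this page; not WhatsUp Gold code. The log format below is an
assumption made for illustration, not the product's real audit-log layout.
"""
import re
from dataclasses import dataclass

# Constructed sample log: timestamp | event | user | detail.
# The two 2024-12-31 LDAP changes have no authenticated user and should be flagged.
SAMPLE_LOG = """\
2024-12-30T08:15:02Z | LOGIN | admin | success
2024-12-30T08:16:40Z | LDAP_CONFIG_CHANGE | admin | server=ldap.corp.example
2024-12-31T02:03:11Z | LDAP_CONFIG_CHANGE | - | server=198.51.100.23
2024-12-31T02:03:12Z | LDAP_CONFIG_CHANGE | anonymous | bind_dn=cn=x
2024-12-31T09:00:00Z | DEVICE_POLL | svc_monitor | ok
"""

# Assumed line layout; adapt to the real audit-log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \| (?P<event>[A-Z_]+) \| (?P<user>\S+) \| (?P<detail>.*)$"
)
# Actor values that mean "no authenticated user" in the assumed format.
UNAUTHENTICATED = {"-", "", "anonymous", "unknown"}
LDAP_CHANGE_EVENT = "LDAP_CONFIG_CHANGE"  # assumed event name


@dataclass
class Finding:
    timestamp: str
    user: str
    detail: str


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def suspicious_ldap_changes(log_text, allowed_users=frozenset()):
    """Return LDAP configuration changes made without an authenticated user.

    If allowed_users is non-empty, changes by any user outside that set are
    also returned, so the caller can baseline against the known admin group.
    """
    findings = []
    for rec in parse(log_text):
        if rec["event"] != LDAP_CHANGE_EVENT:
            continue
        user = rec["user"].lower()
        if user in UNAUTHENTICATED or (allowed_users and user not in allowed_users):
            findings.append(Finding(rec["ts"], rec["user"], rec["detail"]))
    return findings


if __name__ == "__main__":
    for f in suspicious_ldap_changes(SAMPLE_LOG, allowed_users=frozenset({"admin"})):
        print(f"{f.timestamp}  user={f.user!r}  {f.detail}")
```

Run it as-is to see the two unauthenticated changes from the constructed sample; pass the real audit log text and the set of accounts that are permitted to edit LDAP settings to turn it into a baseline check rather than a pure "no user" filter.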
disclosure
Exploitation status
EPSS
27.61% (96th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-12106 is to immediately upgrade WhatsUp Gold to version 2024.0.2 or later. If upgrading is not immediately feasible, consider temporarily restricting network access to the WhatsUp Gold server to prevent external attackers from exploiting the vulnerability. Review existing LDAP configurations for any suspicious changes. While not a complete solution, implementing strong authentication and access controls within the LDAP directory itself can help limit the potential impact of a successful attack. After upgrading, confirm the fix by verifying that unauthenticated users can no longer modify LDAP settings through the WhatsUp Gold interface.
Update WhatsUp Gold to version 2024.0.2 or later. This update fixes the vulnerability that allowed LDAP settings to be configured without authentication. See the vendor's website for detailed update instructions.
CVE-2024-12106 is a critical vulnerability in WhatsUp Gold versions 2023.1.0–2024.0.2 that allows unauthenticated attackers to configure LDAP settings, potentially leading to data breaches and system compromise.
If you are running WhatsUp Gold versions 2023.1.0 through 2024.0.2, you are potentially affected by this vulnerability. Upgrade to 2024.0.2 to mitigate the risk.
The recommended fix is to upgrade to WhatsUp Gold version 2024.0.2 or later. If immediate upgrade is not possible, restrict network access to the server.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks. Proactive mitigation is recommended.
Refer to the official WhatsUp Gold security advisory for detailed information and updates regarding CVE-2024-12106.