Alert essentials:

The Progress WhatsUp Gold team identified vulnerabilities in software versions prior to 24.0.2.

Upgrade earlier versions promptly to avoid system compromise.


Detailed threat description:

Multiple vulnerabilities have been found in Progress WhatsUp Gold versions before 24.0.2. The information disclosure vulnerability CVE-2024-12105 allows an authenticated user to extract sensitive information through specially crafted HTTP requests.

CVE-2024-12106, with a CVSS score of 9.4, grants unauthenticated threat actors configuration access to Lightweight Directory Access Protocol (LDAP) settings. It is a critical weakness with low attack complexity that requires no authentication.

The most concerning vulnerability, CVE-2024-12108, allows full control of Progress WhatsUp Gold servers via the public API. This critical authentication vulnerability, with a CVSS score of 9.6, affects an unspecified input and leads to spoofing. No authentication is required, the attack can be initiated remotely, and exploitation is considered easy.

No exploit code is currently known to exist. Progress released a fixed version of the software on Monday, December 9th.

It is highly recommended that the new software version be deployed immediately to protect against potential attacks. Environments that do not upgrade will remain exposed.


Impacts on healthcare organizations:

Hospitals rely heavily on network monitoring tools like WhatsUp Gold to oversee their extensive and complex networks, which include medical devices, patient records, and administrative systems. Attackers could access sensitive data, compromise devices, and disrupt network operations.

To guard against these vulnerabilities, healthcare organizations should upgrade WhatsUp Gold to version 24.0.2.


Affected Products / Versions:

These vulnerabilities exist in WhatsUp Gold versions prior to 24.0.2.

CVEs:

  • CVE-2024-12108: CWE-290, CVSS 9.6
  • CVE-2024-12106: CWE-306, CVSS 9.4
  • CVE-2024-12105: CWE-22, CVSS 6.5


Recommendations

Engineering recommendations:

  • Install WhatsUp Gold software components on dedicated servers. Do not use these servers for any other purpose
  • Installations running versions of WhatsUp Gold before v20.0.2 must first be upgraded to v20.0.2 before installing the latest version of WhatsUp Gold
  • Be sure to clear the browser cache, so the user interface displays the new web application pages after the upgrade
  • Back up the database before performing an upgrade
  • If you are using the SQL Express database included in WhatsUp Gold, the backup can be performed by the installer/updater before proceeding with the upgrade
  • Restrict API access by implementing network segmentation and firewall rules
  • Continuously monitor network traffic for unusual patterns
  • Enforce robust authentication mechanisms, such as multi-factor authentication
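One way to triage a server inventory against the affected-version threshold and the two-step upgrade path described above. This is an added example, not code from Progress or from this advisory; the host names and version strings are constructed.

```python
import re
from collections import namedtuple

FIXED = (24, 0, 2)         # first fixed release named in the advisory
INTERMEDIATE = (20, 0, 2)  # stepping-stone release required for older installs
Finding = namedtuple("Finding", "host version affected upgrade_path")

def parse_version(text):
    """Turn strings such as 'v20.0.1' or '24.0.2 (build 1234)' into a numeric
    tuple, so that '24.0.10' compares higher than '24.0.2'."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '24' -> (24, 0, 0)

def upgrade_path(installed):
    """Upgrade steps per the advisory: installs older than 20.0.2 must go
    to 20.0.2 first, then to the fixed release."""
    if installed >= FIXED:
        return []
    if installed < INTERMEDIATE:
        return ["20.0.2", "24.0.2"]
    return ["24.0.2"]

def triage(inventory):
    """Classify each host. Unparseable versions are flagged as affected so a
    bad inventory record never hides a vulnerable server."""
    findings = []
    for host, version in inventory.items():
        try:
            v = parse_version(version)
            findings.append(Finding(host, version, v < FIXED, upgrade_path(v)))
        except ValueError:
            findings.append(Finding(host, version, True, ["verify manually"]))
    return findings

# Constructed sample inventory: hypothetical host names and versions.
SAMPLE_INVENTORY = {"wug-prod-01": "v24.0.2", "wug-prod-02": "24.0.1 (build 1907)",
                    "wug-legacy": "v19.0.3", "wug-lab": "unknown"}

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        status = "AFFECTED" if f.affected else "ok"
        print(f"{f.host:12} {f.version:22} {status:9} {' -> '.join(f.upgrade_path)}")
```

Feed it the real inventory export instead of SAMPLE_INVENTORY; anything reported as AFFECTED or "verify manually" goes on the upgrade list.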


Leadership / Program recommendations:

  • Implement enhanced monitoring of network traffic, especially concerning the WhatsUp Gold server, to detect any unusual activities that may indicate attempted exploitation
  • Foster a culture of cybersecurity awareness within the organization, emphasizing the importance of regular software updates and vigilance against potential threats
  • Maintain open communication with software vendors to stay informed about security advisories and updates, ensuring timely responses to emerging vulnerabilities


References: