Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers –
- CVE-2024-46905 (CVSS score: 8.8)
- CVE-2024-46906 (CVSS score: 8.8)
- CVE-2024-46907 (CVSS score: 8.8)
- CVE-2024-46908 (CVSS score: 8.8)
- CVE-2024-46909 (CVSS score: 9.8), and
- CVE-2024-8785 (CVSS score: 9.8)
Security researcher Sina Kheirkhah of Summoning Team has been credited with discovering and reporting the first four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
It’s worth noting that Trend Micro recently reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security flaws in WhatsUp Gold to conduct opportunistic attacks.
Previously, the Shadowserver Foundation said it had observed exploitation attempts against CVE-2024-4885 (CVSS score: 9.8), another critical bug in WhatsUp Gold that was resolved by Progress in June 2024.
WhatsUp Gold Customers are recommended to apply the latest fixes as soon as possible to mitigate potential threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com