Patch now! Exploit for critical vulnerability in Whatsup Gold in circulation
The Whatsup Gold monitoring software is vulnerable. Security researchers have now discovered an exploit for malicious code attacks. A patch is available.
(Image: Photon photo/Shutterstock.com)
Admins should quickly protect their instances with Whatsup Gold against possible attacks. A"critical" security vulnerability has been known since September of this year. A security update has also been available since then. As exploit code for the vulnerability is now circulating, attacks could be imminent.
Executing malicious code
As security researchers from Tenable explain in a report , remote attackers can exploit the vulnerability (CVE-2024-8785"critical") without authentication. According to them, the security problem can be found in the network management API NmAPI.exe, which is accessible via the network. Because input is not sufficiently checked, attackers can use crafted requests there.
If this works, they can overwrite entries in the Windows registry so that the configuration settings of the monitoring software are loaded from a share controlled by attackers, for example. This can lead to the execution of malicious code, which usually results in the complete compromise of systems.
Patch now!
A security patch has been available since September 2024. In a warning message, the developers state that Whatsup Gold 24.0.1 is protected against the described attack. All previous versions are said to be vulnerable. The developers have also closed five other vulnerabilities.
Videos by heise
If attackers successfully exploit these vulnerabilities, they can, among other things, execute malicious code in the context of the service account (CVE-2024-46909"critical") or elevate themselves to admin (CVE-2024-46908"high").
(des)
