Whatsup Gold monitoring software: manufacturer advises to update quickly

Progress warns that there are some critical security vulnerabilities in Whatsup Gold. Admins should update as soon as possible.

Burning laptop in front of servers that monitor the laptop

(Image: created with AI in Bing Image Creator by heise online / dmk)


Whatsup Gold has six vulnerabilities, two of which are considered a critical risk. The four other vulnerabilities just miss the critical classification.

In a security notice, manufacturer Progress now warns of these security vulnerabilities. The company's developers recommend that all Whatsup Gold customers update their environments to version 24.0.1 "as soon as possible". Anyone who stays on an older version and does not upgrade remains exposed to the vulnerabilities.

There are apparently no temporary countermeasures that could patch the gaps in any other way. Admins should download the updated software from Progress. They should then start the installer and follow the instructions.


However, information on the vulnerabilities themselves is extremely sparse, to put it kindly: the CVE numbers and CVSS ratings are available, nothing more. The vulnerabilities CVE-2024-46905, CVE-2024-46906, CVE-2024-46907 and CVE-2024-46908 have a CVSS value of 8.8 and are therefore classified as "high" risk. They were reported by Trend Micro's Zero Day Initiative. Trend Micro has also reported the vulnerability CVE-2024-46909, which is classified as critical with a CVSS value of 9.8. Progress has received information from Tenable about the vulnerability CVE-2024-8785, also with a risk rating of "critical" and a CVSS value of 9.8.

The CVE entries are so far only reserved, but not yet public. It is therefore unclear what the vulnerabilities are, what triggers them and what attacks on them might look like. IT managers should take the manufacturer's warning seriously and apply the update quickly.

It was only at the beginning of the month that Progress patched critical gaps in Whatsup Gold. These had allowed attackers to bypass the login process. Whatsup Gold is part of the "toolbox" of cyber criminals. At the beginning of August, the Shadowserver Foundation warned of attacks on Whatsup Gold installations in the wild.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.