September 27, 2024 By Sergiu Gatlan
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.
However, although the company released WhatsUp Gold 24.0.1, which addressed the issues, last Friday and published an advisory on Tuesday, it has yet to provide any details regarding these flaws.
"The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1," Progress warned customers this week.
"We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are running a version older than 24.0.1 and you do not upgrade, your environment will remain vulnerable."
The only information available is that the six vulnerabilities were reported by Summoning Team's Sina Kheirkhah, Trend Micro's Andy Niu, and Tenable researchers and were assigned the following CVE IDs and CVSS base scores:
- CVE-2024-46905: CVSS 8.8/10 (reported by Sina Kheirkhah)
- CVE-2024-46906: CVSS 8.8/10 (reported by Sina Kheirkhah)
- CVE-2024-46907: CVSS 8.8/10 (reported by Sina Kheirkhah)
- CVE-2024-46908: CVSS 8.8/10 (reported by Sina Kheirkhah)
- CVE-2024-46909: CVSS 9.8/10 (reported by Andy Niu)
- CVE-2024-8785: CVSS 9.8/10 (reported by Tenable)
To upgrade to the latest version, download the WhatsUp Gold 24.0.1 installer, run it on vulnerable WhatsUp Gold servers, and follow the prompts.