CVE-2024-12106
📋 TL;DR
This vulnerability allows unauthenticated attackers to configure LDAP settings in WhatsUp Gold, potentially enabling them to redirect authentication to malicious LDAP servers or disrupt legitimate authentication. Organizations running WhatsUp Gold versions before 2024.0.2 are affected.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
WhatsUp Gold by Progress
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect all authentication to a malicious LDAP server they control, enabling credential harvesting, account takeover, and complete compromise of the monitoring system.
Likely Case
Attackers modify LDAP settings to disrupt legitimate authentication, causing service outages and preventing administrators from accessing the monitoring system.
If Mitigated
With proper network segmentation and access controls, impact is limited to the WhatsUp Gold instance itself, though authentication disruption could still occur.
🎯 Exploit Status
The vulnerability description indicates unauthenticated access to LDAP configuration, suggesting straightforward exploitation via web interface or API calls.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.0.2 or later
Vendor Advisory: https://www.progress.com/network-monitoring
Restart Required: Yes
Instructions:
1. Download WhatsUp Gold 2024.0.2 or later from the Progress website.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the WhatsUp Gold services.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to WhatsUp Gold administration interfaces to trusted IP addresses only.
Use firewall rules to limit access to WhatsUp Gold ports (typically 80/443) to authorized administrative networks.
Disable LDAP Configuration Interface
Temporarily disable or restrict access to LDAP configuration endpoints if possible.
Configure the web server or application firewall to block access to LDAP configuration URLs.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate WhatsUp Gold from untrusted networks
- Deploy web application firewall with rules to detect and block LDAP configuration attempts
🔍 How to Verify
Check if Vulnerable:
Check the WhatsUp Gold version in the administration interface. If the version is below 2024.0.2, the system is vulnerable.
Check Version:
Check the version in the WhatsUp Gold web interface under Help > About, or examine the version files in the installation directory.
Verify Fix Applied:
After patching, verify that the version shown in the administration interface is 2024.0.2 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to LDAP configuration endpoints
- Changes to LDAP settings from unexpected IP addresses
- Authentication failures following LDAP configuration changes
Network Indicators:
- Unusual HTTP POST requests to LDAP configuration endpoints
- Traffic from WhatsUp Gold to unexpected LDAP servers
SIEM Query:
source="whatsup_gold" AND (uri_path="/ldap/*" OR uri_path="/config/ldap*") AND http_method="POST" AND NOT src_ip IN [admin_ips]
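The following is an added detection example, not code from the advisory or from Progress: it applies the same logic as the SIEM query above to constructed sample logs, flagging POSTs to LDAP configuration paths from outside the admin networks and outbound LDAP/LDAPS connections to servers not on the expected list. The log format, the endpoint path prefixes (taken from the query above), the admin network range, and the expected LDAP server addresses are all assumptions.

```python
import ipaddress
import re

# Constructed sample access-log lines ("src_ip method path status"); the real
# WhatsUp Gold log format is not shown on the page, so this layout is assumed.
SAMPLE_WEB_LOG = """\
10.0.5.20 POST /config/ldap/settings 200
203.0.113.7 POST /ldap/save 200
203.0.113.7 GET /ldap/settings 200
198.51.100.9 POST /config/ldapsettings 200
"""
# Constructed outbound connection records from the monitoring host ("dst_ip dst_port").
SAMPLE_CONNECTIONS = """\
10.0.1.10 389
192.0.2.55 389
10.0.1.11 636
"""

ADMIN_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]   # assumed trusted admin range
EXPECTED_LDAP_SERVERS = {"10.0.1.10", "10.0.1.11"}        # assumed legitimate LDAP servers
LDAP_PORTS = {389, 636}
# Path prefixes mirror the SIEM query on the page; real endpoint names are an assumption.
LDAP_CONFIG_PATH = re.compile(r"^/(ldap/|config/ldap)", re.IGNORECASE)
WEB_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")

def is_admin_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)

def find_ldap_config_writes(log_text):
    """Return (src_ip, path) for POSTs to LDAP config endpoints from non-admin IPs."""
    hits = []
    for line in log_text.splitlines():
        m = WEB_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        src_ip, method, path, _status = m.groups()
        if method == "POST" and LDAP_CONFIG_PATH.match(path) and not is_admin_ip(src_ip):
            hits.append((src_ip, path))
    return hits

def find_unexpected_ldap_servers(conn_text):
    """Return destination IPs contacted on LDAP ports that are not expected LDAP servers."""
    unexpected = set()
    for line in conn_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and int(parts[1]) in LDAP_PORTS and parts[0] not in EXPECTED_LDAP_SERVERS:
            unexpected.add(parts[0])
    return sorted(unexpected)
```

Both functions return plain lists so the results can be fed to a ticketing or alerting pipeline; a non-empty result from either is the condition the Log and Network Indicators above describe.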