CVE-2024-46905
📋 TL;DR
A SQL injection vulnerability in WhatsUp Gold versions before 2024.0.1 allows authenticated users with Network Manager permissions to escalate privileges to admin accounts. This affects organizations using vulnerable versions of WhatsUp Gold for network monitoring.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
WhatsUp Gold is a network and infrastructure monitoring product from Progress (Progress Software). It runs on Windows and keeps its data, including the web-console user accounts and their roles, in a Microsoft SQL Server database, which is where an injected query lands.
⚠️ Risk & Real-World Impact
Worst Case
An attacker holding a Network Manager account turns it into a full administrator of the WhatsUp Gold instance. Admin access exposes the complete inventory of monitored devices and the credentials WhatsUp Gold stores to poll them (SNMP community strings, Windows, SSH and similar), so the monitoring server becomes a foothold for lateral movement across everything it monitors.
Likely Case
Malicious insiders or compromised accounts with Network Manager permissions escalate to admin, gaining unauthorized access to sensitive network data and configuration controls.
If Mitigated
With the Network Manager role assigned only where it is genuinely needed and the server segmented from critical systems, impact is contained to the WhatsUp Gold system itself. Administrative compromise of the monitoring server is still significant, so these controls reduce exposure rather than remove it; the patch is the fix.
🎯 Exploit Status
This page references no public exploit. Exploitation requires a valid account with Network Manager rights, which is a lower bar than an unauthenticated bug but still presumes an insider or a stolen credential. Beyond that the attacker needs to know which request carries the injectable parameter and how users and roles are stored in the backing SQL Server database; once those are known, the escalation is a single crafted request rather than a multi-stage chain.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.0.1 or later
Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024
Restart Required: No
Instructions:
1. Download WhatsUp Gold 2024.0.1 or later from the Progress support portal.
2. Back up the current configuration and database.
3. Run the installer to upgrade.
4. Verify the upgrade in the administration console (Help > About should show 2024.0.1 or higher).
🔧 Temporary Workarounds
Restrict Network Manager Permissions
Temporarily reduce the set of users holding Network Manager permissions to essential personnel only; every account with that role is a potential path to admin until the patch is applied.
Navigate to Administration > Security > Users in WhatsUp Gold, review and modify user permissions.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate WhatsUp Gold from critical systems.
- Enable detailed logging and monitoring for privilege-escalation attempts and unusual admin activity, in particular any change of a user's role that was not made by an existing administrator.
🔍 How to Verify
Check if Vulnerable:
Open Help > About in the WhatsUp Gold web interface. Any version earlier than 2024.0.1 is vulnerable.
Check Version:
No separate command-line check is given on this page; use Help > About in the web interface, or the file properties of the installed binaries in the installation directory.
Verify Fix Applied:
After patching, confirm Help > About shows 2024.0.1 or higher. Then, with a test account that holds only Network Manager rights, confirm it cannot change its own role or any other user's role, and that no administrator account appeared that you did not create.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL statements against the WhatsUp Gold database (SQL Server does not log queries by default; this needs SQL Server Audit, Extended Events or equivalent query auditing to be enabled on the instance)
- Repeated failed or denied user-management actions from one account, followed by a successful role change for that same account
- A user's role changing from Network Manager to Admin, especially a self-change, or a role change whose recorded actor is not an administrator
- A role change visible in the database that has no matching audit event in the application, since an injected UPDATE bypasses the application's own audit path
Network Indicators:
- The injected query travels over the normal application-to-database connection, so network-level signals are weak; database connections to the WhatsUp Gold SQL Server from any host other than the WhatsUp Gold application server are still worth alerting on for other reasons
- Anomalous authentication patterns to admin endpoints, such as a Network Manager account that starts reaching administrative pages it never used before
SIEM Query (illustrative pseudo-query; the source name, field names and the users/role table pattern are placeholders that must be mapped onto the fields your log forwarder and database schema actually produce):
source="whatsup_gold_logs" AND (event_type="permission_change" OR sql_query="*UPDATE*users*SET*role*")
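As an added illustration of the log indicators above (example code written for this page, not part of Progress's product or tooling), the following Python script applies three of those indicators to a constructed, simplified key=value audit stream. The line format and every field and role name in it (event, actor_role, old_role, new_role, NetworkManager, Admin) are assumptions to be mapped onto your real WhatsUp Gold or SIEM events; the point is the rule logic, not the parsing.

```python
"""Flag privilege-escalation patterns in WhatsUp Gold user-management events.

Added example for this page; it is not Progress code. The key=value audit
format and the field/role names (event, actor_role, old_role, new_role,
NetworkManager, Admin) are assumptions: map them onto whatever your WhatsUp
Gold export or SIEM actually emits before relying on the rules.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one direct self-elevation, one legitimate change
# made by an admin, and one self-elevation preceded by a burst of denied edits.
SAMPLE_LOG = """\
ts=2024-09-25T10:01:05 event=permission_change actor=netmgr1 actor_role=NetworkManager target=netmgr1 old_role=NetworkManager new_role=Admin
ts=2024-09-25T10:03:10 event=permission_change actor=admin1 actor_role=Admin target=ops2 old_role=Viewer new_role=NetworkManager
ts=2024-09-25T10:05:00 event=action_denied actor=netmgr2 actor_role=NetworkManager action=edit_user
ts=2024-09-25T10:05:02 event=action_denied actor=netmgr2 actor_role=NetworkManager action=edit_user
ts=2024-09-25T10:05:04 event=action_denied actor=netmgr2 actor_role=NetworkManager action=edit_user
ts=2024-09-25T10:05:30 event=permission_change actor=netmgr2 actor_role=NetworkManager target=netmgr2 old_role=NetworkManager new_role=Admin
"""

ADMIN_ROLE = "Admin"


def parse_line(line):
    """Split one 'k=v k=v ...' line into a dict; ts becomes a datetime."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def detect(log_text, window=timedelta(minutes=5), burst=3):
    """Return a list of alerts, each {'ts', 'actor', 'target', 'rule'}.

    Rules:
      elevation_to_admin         a role change whose new role is Admin
      role_change_by_non_admin   a role change whose actor is not an Admin
                                 (only admins should be able to do this)
      denied_burst_then_success  at least `burst` denied actions by the actor
                                 within `window` before that actor's role change
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    denied = defaultdict(list)  # actor -> timestamps of denied actions
    alerts = []

    def alert(ev, rule):
        alerts.append({"ts": ev["ts"], "actor": ev["actor"],
                       "target": ev.get("target"), "rule": rule})

    for ev in events:
        if ev["event"] == "action_denied":
            denied[ev["actor"]].append(ev["ts"])
            continue
        if ev["event"] != "permission_change":
            continue
        if ev["new_role"] == ADMIN_ROLE and ev["old_role"] != ADMIN_ROLE:
            alert(ev, "elevation_to_admin")
        if ev["actor_role"] != ADMIN_ROLE:
            alert(ev, "role_change_by_non_admin")
        recent = [t for t in denied[ev["actor"]] if ev["ts"] - t <= window]
        if len(recent) >= burst:
            alert(ev, "denied_burst_then_success")
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts'].isoformat()} {a['rule']:26} "
              f"actor={a['actor']} target={a['target']}")
```

Run it as-is to print the alerts for the embedded sample (five: two for netmgr1, three for netmgr2, none for the administrator's legitimate change). In production, feed it the exported events and route role_change_by_non_admin straight to an incident queue: under correctly enforced permissions only administrators should be able to change roles, so a change recorded against any other actor has no benign explanation. The rule set is deliberately simple; the one signal it cannot see, a role that changed in the database with no application audit event at all, needs a periodic comparison of the user table against the audit log rather than log parsing alone.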