CVE-2024-46908

8.8 HIGH

📋 TL;DR

A SQL injection vulnerability in WhatsUp Gold allows authenticated users with Report Viewer permissions to escalate privileges to admin accounts. This affects WhatsUp Gold versions before 2024.0.1. Attackers can exploit this to gain full administrative control over the monitoring system.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2024.0.1
Operating Systems: Windows (primary platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires at least Report Viewer permissions; default installations with default user roles are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of WhatsUp Gold instance with administrative access, allowing attackers to modify configurations, access sensitive network data, and potentially pivot to other systems.

🟠 Likely Case

Privilege escalation from low-privileged user to admin, enabling unauthorized access to monitoring data and system controls.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege access, and input validation are implemented.

🌐 Internet-Facing: HIGH if WhatsUp Gold is exposed to the internet, as authenticated attackers can exploit this remotely.
🏢 Internal Only: HIGH as authenticated internal users can exploit this vulnerability to gain admin privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access with Report Viewer permissions; SQL injection techniques are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.0.1 or later

Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024

Restart Required: No

Instructions:

1. Download WhatsUp Gold 2024.0.1 or later from the Progress website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Verify the upgrade succeeded in the administration console.

🔧 Temporary Workarounds

Restrict Report Viewer Permissions

Applies to: all

Temporarily remove Report Viewer permissions from non-essential users until patching.

Use the WhatsUp Gold administration console to modify user roles.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate WhatsUp Gold from critical systems
  • Apply web application firewall (WAF) rules to block SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check WhatsUp Gold version in administration console under Help > About.

Check Version:

Not applicable; check via the administration console GUI.

Verify Fix Applied:

Confirm version is 2024.0.1 or later in administration console.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by successful admin login from same user

Network Indicators:

  • Unusual database queries from WhatsUp Gold application server

SIEM Query:

source="whatsup_gold" AND (event_type="sql_error" OR user_role_change="admin")
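The SIEM query above can be turned into a correlation rule. The following is an added example, not part of the advisory or of Progress's product: it flags role changes to admin for users who previously held a lower role (such as Report Viewer) and notes whether SQL errors from the same user preceded the change. The event schema (ts, user, event_type, old_role, new_role) is an assumption for illustration; map it to the real WhatsUp Gold and database log fields.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    # Assumed, simplified log schema for illustration only.
    ts: datetime
    user: str
    event_type: str      # "sql_error", "role_change", "login", ...
    old_role: str = ""
    new_role: str = ""


def find_escalations(events, window=timedelta(minutes=30)):
    """Return one finding per non-admin -> admin role change.

    A finding is 'corroborated' when the same user produced at least one
    sql_error within `window` before the change. Uncorroborated changes are
    still returned so an analyst can confirm they were legitimate.
    """
    by_user = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e.event_type != "role_change" or e.new_role.lower() != "admin":
                continue
            if e.old_role.lower() == "admin":   # admin -> admin is not an escalation
                continue
            errs = [p for p in evs[:i]
                    if p.event_type == "sql_error" and e.ts - p.ts <= window]
            findings.append({"user": user, "ts": e.ts, "from_role": e.old_role,
                             "sql_errors": len(errs), "corroborated": bool(errs)})
    return findings


# Constructed sample events (not real telemetry).
T = datetime(2024, 9, 25, 10, 0)
SAMPLE = [
    Event(T, "alice", "sql_error"),
    Event(T + timedelta(minutes=2), "alice", "sql_error"),
    Event(T + timedelta(minutes=5), "alice", "role_change", "Report Viewer", "Admin"),
    Event(T + timedelta(hours=1), "bob", "role_change", "Report Viewer", "Admin"),
    Event(T + timedelta(hours=2), "carol", "role_change", "Admin", "Report Viewer"),
    Event(T - timedelta(hours=1), "dave", "sql_error"),
    Event(T + timedelta(hours=3), "dave", "role_change", "Report Viewer", "Admin"),
]

if __name__ == "__main__":
    for f in find_escalations(SAMPLE):
        print(f)
```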

🔗 References
