CVE-2024-7763
📋 TL;DR
WhatsUp Gold versions before 2024.0.0 contain an authentication bypass vulnerability that allows attackers to obtain encrypted user credentials without proper authentication. This affects all organizations running vulnerable versions of WhatsUp Gold network monitoring software.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
Whatsup Gold by Progress
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to the monitoring system, potentially compromising the entire network infrastructure and using stolen credentials to move laterally across systems.
Likely Case
Attackers obtain encrypted credentials that could be cracked offline, leading to unauthorized access to the WhatsUp Gold system and potentially other systems using the same credentials.
If Mitigated
With proper network segmentation and access controls, impact is limited to the WhatsUp Gold system itself, though credential exposure remains a significant risk.
🎯 Exploit Status
The authentication bypass nature suggests relatively simple exploitation. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.0.0 or later
Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
Restart Required: Yes
Instructions:
1. Download WhatsUp Gold 2024.0.0 or later from Progress Software. 2. Backup current configuration and data. 3. Run the installer to upgrade. 4. Restart the WhatsUp Gold service and verify functionality.
🔧 Temporary Workarounds
Network Access Restriction
allRestrict network access to WhatsUp Gold to only trusted IP addresses and networks
Configure firewall rules to limit access to specific source IPs
Credential Rotation
allChange all passwords and credentials used by WhatsUp Gold, especially administrative accounts
🧯 If You Can't Patch
- Isolate WhatsUp Gold system on a dedicated VLAN with strict access controls
- Implement network monitoring for unusual authentication attempts or credential access patterns
🔍 How to Verify
Check if Vulnerable:
Check WhatsUp Gold version in the web interface under Help > About or via the installation directory propertiesCheck Version:
Check version in web interface or examine file properties of WhatsUpGold.exeVerify Fix Applied:
Verify version is 2024.0.0 or later and test authentication mechanisms work properly📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts
- Access to credential-related endpoints without proper authentication
- Multiple failed login attempts followed by successful access
Network Indicators:
- Unusual traffic patterns to WhatsUp Gold authentication endpoints
- Requests to credential retrieval APIs from unexpected sources
SIEM Query:
source="WhatsUpGold" AND (event_type="authentication" OR event_type="credential_access") AND result="success" AND user="unknown"