A proof-of-concept exploit has been released for CVE-2024-8785, a critical remote code execution vulnerability in Progress WhatsUp Gold, according to BleepingComputer.
The flaw is rated 9.8 on the CVSS scale and affects WhatsUp Gold versions from 2023.1.0 to before 24.0.1. It resides in the NmAPI.exe process, which handles network management API requests. Insufficient data validation allows attackers to send crafted requests that alter sensitive Windows registry keys. This lets them manipulate configuration file paths, directing the system to attacker-controlled locations. Upon a service restart, the system may execute malicious files, granting attackers remote code execution. Exploitation requires no authentication and is possible over the network, which significantly elevates the risk.
Tenable discovered the flaw last August, and Progress Software addressed it in version 24.0.1, released in September. The company urged administrators to update affected deployments immediately. The urgency is heightened by prior public exploits targeting WhatsUp Gold, including critical remote code execution and SQL injection vulnerabilities, which attackers have used to compromise networks and gain administrator access.