
CVE-2024-6671 Scanner

CVE-2024-6671 Scanner - SQL Injection (SQLi) vulnerability in WhatsUp Gold

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 12 days 5 hours
Scan only one: Domain, Subdomain, IPv4

WhatsUp Gold is a comprehensive network monitoring software used by IT departments and network administrators to monitor the availability, performance, and issues within IT infrastructure. It is deployed in various environments, from small businesses to large enterprises, to ensure the steady functioning of network devices, servers, and applications. This software provides insights into network traffic, detects anomalies, and aids in troubleshooting by offering detailed reports and alerts. The main aim is to optimize network performance, minimize downtime, and ensure data security. Due to its extensive capabilities, WhatsUp Gold is widely used in industries that require reliable network operations. Its user-friendly interface and rich features make it a preferred choice for network management.

The SQL Injection vulnerability in WhatsUp Gold allows attackers to inject malicious SQL queries through input fields that are not properly sanitized. This type of vulnerability is critical because it can lead to unauthorized data exposure, data manipulation, and even loss of control over the database. Attackers can exploit this flaw to bypass authentication mechanisms by manipulating SQL queries to retrieve sensitive data such as encrypted user passwords. Once access is gained, attackers can further exploit the database to extract, update, or delete data. Such vulnerabilities pose significant risks to the integrity, confidentiality, and availability of the data stored within the application. Organizations running affected versions of WhatsUp Gold are at risk of severe data breaches.

Technically, the vulnerability lies in the handling of specific API requests, where SQL statements can be manipulated to execute arbitrary commands. An attacker does not need to be authenticated to exploit this flaw, since the injection occurs in the `DeviceStatisticalMonitors` endpoint. The main vulnerable parameter is `statisticalMonitorTable`, where crafted input allows SQL commands to be appended to the query. Successful exploitation can retrieve encrypted passwords from the database by executing a malicious SQL injection payload; this leads to an authentication bypass and gives attackers the potential to gain admin privileges. The construction of these queries often involves concatenating inputs without proper validation, which is what makes this flaw critical.
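As an added example (not S4E's scanner code and not part of the original page), the following Python triage script hunts web-server access logs for requests that reach the `DeviceStatisticalMonitors` endpoint with SQL syntax in the `statisticalMonitorTable` parameter, which is the defender-side signal for exploitation attempts of this flaw. The W3C-style line layout, the `/api/...` URI path and the sample log lines are constructed for the demonstration; adapt the field parsing to the real IIS log configuration of the WhatsUp Gold host.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint and parameter named in the advisory text above.
ENDPOINT_SEGMENT = "devicestatisticalmonitors"   # matched case-insensitively against the URI stem
PARAM = "statisticalmonitortable"                # matched case-insensitively against query keys

# SQL syntax that has no business in a parameter meant to carry a table name.
SQL_MARKERS = re.compile(
    r"'|;|--|/\*|\b(?:union|select|insert|update|delete|drop|exec|waitfor)\b",
    re.IGNORECASE,
)

# Constructed sample lines (not real WhatsUp Gold logs); the URI stem is a placeholder path.
# Layout assumed: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-08-01 10:00:01 10.0.0.5 GET /api/DeviceStatisticalMonitors statisticalMonitorTable=CPUUtilization 200
2024-08-01 10:00:02 10.0.0.9 GET /api/DeviceStatisticalMonitors statisticalMonitorTable=CPU%27%3B-- 500
2024-08-01 10:00:03 10.0.0.5 GET /api/Devices deviceId=42 200
"""


def suspicious_requests(log_text):
    """Return one dict per request that hits the endpoint with SQL syntax in the parameter."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line: skip rather than guess at the layout
        _date, _time, client_ip, _method, stem, query, status = fields[:7]
        if ENDPOINT_SEGMENT not in stem.lower():
            continue
        # keep_blank_values so an empty "statisticalMonitorTable=" is still visible to the rule
        for key, values in parse_qs(query, keep_blank_values=True).items():
            if key.lower() != PARAM:
                continue
            for raw in values:
                value = unquote_plus(raw)  # second decode catches double-encoded payloads
                if SQL_MARKERS.search(value):
                    hits.append({"line": lineno, "client_ip": client_ip,
                                 "status": status, "value": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client_ip']} -> {hit['value']!r} (HTTP {hit['status']})")
```

A 5xx status on a flagged request is worth prioritising, since a broken query is the typical first sign of an injection attempt, but a 200 does not clear it.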

If exploited, malicious actors can gain unauthorized access to network monitoring data and administrative functionalities. An adversary can alter or delete data, change user permissions, and disrupt the functioning of network monitoring operations, impacting the organization's ability to detect and respond to network issues. In extreme cases, a complete system compromise can occur, resulting in loss of control over the network monitoring environment. Furthermore, the exposure of sensitive data, such as user credentials, may lead to lateral movement within the network, enabling further infiltration and exploitation.
