In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
An attacker can remotely, without any authentication, send requests to the NmAPI.exe process running within WhatsUp Gold. Through this component it is possible to create new or modify existing values in the registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. The vulnerability is classified as improper privilege use (CWE-648), which means the component operates in the context of privileges allowing writing to the system registry without verification of the caller's identity.
An attacker can modify application or system configuration stored in the registry, which consequently may lead to takeover of control over the environment, privilege escalation, or disruption of network monitoring system operation.
Progress WhatsUp Gold should be updated to version 2024.0.1 or newer. Detailed information is available in the vendor's security bulletin (Progress WhatsUp Gold Security Bulletin, September 2024) and in the Release Notes for version 2024.0.
Progress WhatsUp Gold in all versions released before 2024.0.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProgress Whatsup Gold
APPProgress< 24.0.1
Related vulnerabilities
SQL Injection w Progress WhatsUp Gold — kradzież zaszyfrowanych haseł
Progress WhatsUp Gold – nieuwierzytelniony RCE przez path traversal
Progress WhatsUp Gold — nieautoryzowana konfiguracja ustawień LDAP
Progress WhatsUp Gold — nieautoryzowany dostęp do serwera przez publiczne API
Zdalne wykonanie kodu w Progress WhatsUp Gold (RCE bez uwierzytelnienia)