
Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

By Emma Zaballos
Product Marketing Manager
September 27, 2024

What is CVE-2024-6670? 

CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.   

What assets are affected by this vulnerability? 

WhatsUp Gold is a network monitoring tool offered by Progress Software. CVE-2024-6670 affects all versions of WhatsUp Gold before 2024.0.0. 

Is a fix available? 

This critical vulnerability was patched by Progress in August 2024 alongside CVE-2024-6671. Organizations can patch this vulnerability by upgrading to version 2024.0.0. 

Are there any other recommended actions to take? 

Progress disclosed that unusual data in the “Name” column in the WhatsUp Gold UI can serve as a potential indicator of compromise (IOC). To view this column, go to Settings > Actions and Alerts > Alert Center Libraries > Threshold tab.

Is CVE-2024-6670 being actively exploited? 

Researchers identified active exploitation of CVE-2024-6670 five hours after it was published on August 30th, 2024. Attackers were observed leveraging the vulnerability to bypass WhatsUp Gold’s authentication, installing remote access tools like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote. The use of remote access tools indicates threat actors may be using CVE-2024-6670 to deploy ransomware. 

Research shows that even when patches and mitigations are made available quickly, not all organizations can or do immediately apply these fixes. CyCognito’s recent 2024 State of External Exposure Management report found that the median remediation time for severe security issues with CISA-issued advisories was 41 days.   
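The following Python example is added here for illustration and is not code from CyCognito or Progress. It triages a software inventory using the facts above: WhatsUp Gold versions before 2024.0.0 are affected, and the named remote access tools were installed after exploitation, so a patched host that carries one still needs review. The inventory record format, the status labels, and the treatment of a short version such as 24.0.0 as 2024.0.0 are assumptions; the listed tools are legitimate products, so a match is a prompt to check who installed them.

```python
import re

FIXED = (2024, 0, 0)  # first fixed release named in the article
# Remote access tools the article reports attackers installing.
RAT_NAMES = ("atera agent", "radmin", "simplehelp", "splashtop")

def parse_version(text):
    """Return (major, minor, patch), or None if no version can be read."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    major, minor, patch = (int(g or 0) for g in m.groups())
    if major < 100:  # assumption: short form, e.g. 23.1.3 means 2023.1.3
        major += 2000
    return (major, minor, patch)

def triage(host):
    """Classify one record: {'name': str, 'software': {product: version}}."""
    sw = {k.lower(): v for k, v in host["software"].items()}
    key = next((k for k in sw if "whatsup gold" in k), None)
    if key is None:
        return "not-applicable", []
    tools = sorted(k for k in sw if any(r in k for r in RAT_NAMES))
    ver = parse_version(sw[key])
    if ver is None:
        return "verify-version", tools       # cannot decide, check by hand
    if ver < FIXED:
        # Affected build: a remote access tool raises it from patch to investigate.
        return ("investigate" if tools else "patch"), tools
    # Patched build: upgrading does not remove a tool installed beforehand.
    return ("review-tools" if tools else "ok"), tools

INVENTORY = [  # constructed sample records, not real hosts
    {"name": "nms-01", "software": {"WhatsUp Gold": "2023.1.3",
                                    "Splashtop Remote": "3.6"}},
    {"name": "nms-02", "software": {"Progress WhatsUp Gold": "24.0.0"}},
    {"name": "nms-03", "software": {"WhatsUp Gold": "2024.0.0",
                                    "Atera Agent": "1.8"}},
    {"name": "nms-04", "software": {"WhatsUp Gold": "unknown"}},
    {"name": "web-01", "software": {"nginx": "1.24"}},
]

if __name__ == "__main__":
    for h in INVENTORY:
        status, tools = triage(h)
        print(f"{h['name']}: {status} {tools}")
```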

How is CyCognito helping customers identify assets vulnerable to CVE-2024-6670? 

CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and run multiple tests against services of the vulnerable product and versions. All customers have access to an in-platform emerging security issue announcement as of September 26th, 2024. As of this publication, no vulnerable assets have been detected.

Figure 1: The alert sent by CyCognito for CVE-2024-6670

How can CyCognito help your organization? 

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. Want to see how it works? Check out our website and explore our platform with a self-guided, interactive dashboard product tour. To learn how CyCognito can help you understand your external attack surface and exposed risks, please visit our Contact Us page to schedule a demo.

