CVE-2024-6670

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.94467 | KEV: Exploitation Reported
Published: 29/08/2024 Updated: 17/09/2024

Vulnerability Summary

Unauthenticated SQL Injection in WhatsUp Gold Pre-2024.0.0

WhatsUp Gold versions before 2024.0.0 have a SQL Injection vulnerability. It allows an unauthenticated attacker to retrieve users' encrypted passwords.

Vulnerable Product

progress whatsup gold

Vendor Advisories

Check Point Reference: CPAI-2024-0772 Date Published: 5 Sep 2024 Severity: Critical ...

Exploits

This module exploits a SQL injection vulnerability in WhatsUp Gold, by changing the password of an existing user (such as of the default admin account) to an attacker-controlled one. WhatsUp Gold versions < v24.0.0 are affected ...

Metasploit Modules

WhatsUp Gold SQL Injection (CVE-2024-6670)

This module exploits a SQL injection vulnerability in WhatsUp Gold, by changing the password of an existing user (such as of the default admin account) to an attacker-controlled one. WhatsUp Gold versions < v24.0.0 are affected.

msf > use auxiliary/admin/http/whatsup_gold_sqli
msf auxiliary(whatsup_gold_sqli) > show actions
    ...actions...
msf auxiliary(whatsup_gold_sqli) > set ACTION < action-name >
msf auxiliary(whatsup_gold_sqli) > show options
    ...show and set options...
msf auxiliary(whatsup_gold_sqli) > run

Github Repositories

PyCVE-VulnVibes: a Python tool for visualizing and exploring CVEs (Common Vulnerabilities and Exposures) and information about them

PyCVE-VulnVibes is a Python-based GUI tool designed to fetch and visualize EPSS (Exploit Prediction Scoring System) scores for a given CVE (Common Vulnerabilities and Exposures) identifier using the FIRST.org API. The tool allows users to input a CVE identifier and view a time-series plot of EPSS scores, helping security professionals understand the exploitabili...

CVE-2024-6670: PoC for Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVE-2024-6670). A root cause analysis of the vulnerability can be found on my blog: summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/ Usage: python CVE-2024-6670.py --newpassword Pwned --target-url 192.168.201.150

Recent Articles

Progress urges admins to patch critical WhatsUp Gold bugs ASAP
BleepingComputer • Sergiu Gatlan • 27 Sep 2024

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. However, even though it released WhatsUp Gold 24.0.1, which addressed the issues last Friday and published an advisory on Tuesday, the company has yet to provide any details regarding these flaws. "The WhatsUp Gold team has ...

Hackers targeting WhatsUp Gold with public exploit since August
BleepingComputer • Bill Toulas • 12 Sep 2024

Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. The two flaws exploited in attacks since August 30 are SQL injection vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671 that allow retrieving encrypted passwords without authenti...