CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 7, 2024

CVE-2024-6670

High

CVSS 9.8EPSS 94.5%CISA KEVRansomware

Progress/WhatsUp Gold

Description

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

CVSS Score

9.8/ 10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Probability

94.5%

Higher than 100.0% of all CVEs

Weakness Classification (CWE)

CWE-89SQL InjectionMITRE

Required Action

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-6670

Risk Assessment

CRITICAL

In CISA KEV

Critical CVSS

High EPSS

Ransomware

Details

Severity: High
CVSS: 9.8
EPSS: 94.5%
CWE: CWE-89
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Sep 16, 2024

Added to KEV

Sep 16, 2024

Remediation Due

Oct 7, 2024

Affected Product

Progress

WhatsUp Gold

View all Progress CVEs

External Links

NVD (NIST)CVE Details MITRE CVE