CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.

CWE 1 Total

Learn more

CWE-648: CWE-648 Incorrect Use of Privileged APIs

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
9.8	CRITICAL	3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Status

Learn more

Versions 1 Total

Default Status: affected

affected

Credits

Tenable reporter

References 3 Total

https://www.progress.com/network-monitoring
external site
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024
external site
vendor-advisory
https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html
external site
release-notes

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Progress Software Corporation

Description

CWE 1 Total

CVSS 1 Total

Product Status

Credits

References 3 Total

Authorized Data Publishers

CISA-ADP