CVE-2024-12108: 
WhatsUp Gold vulnerability analysis and mitigation

In WhatsUp Gold versions released before 2024.0.2, a critical vulnerability (CVE-2024-12108) was discovered that allows attackers to gain access to the WhatsUp Gold server via the public API. The vulnerability was disclosed on December 31, 2024, and affects Progress Software Corporation's network monitoring solution (NVD, CVE).

CVE-2024-12108 has been assigned a Critical severity with a CVSS v3.1 base score of 9.6. The vulnerability is classified as an Authentication Bypass by Spoofing (CWE-290). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), requires no user interaction (UI:N), and can affect connected systems (S:C) with high impacts on both confidentiality and integrity (C:H, I:H) (Security Online).

The exploitation of this vulnerability could lead to severe security breaches, allowing attackers to gain complete control of WhatsUp Gold servers. According to research, approximately 110,000 WhatsUp Gold instances are exposed and at risk of being targeted, with the majority located in the U.S., followed by China, Japan, India, Canada, Germany, and Australia (SOCRadar).

Progress Software Corporation has released version 24.0.2 of WhatsUp Gold to address this vulnerability. Organizations are strongly advised to immediately upgrade their WhatsUp Gold installations to this version to mitigate the risk (SOCRadar).