Security News > 2024 > December > PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
2024-12-04 11:16

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a privileged application programming interface (API) that may allow attackers to overwrite the Windows Registry. The API endpoint in question – NmAPI.exe – can be exploited by unauthenticated, remote attackers to change an existing registry value or … More → The post PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/12/04/poc-exploit-cve-2024-8785-whatsup-gold/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-8785 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
network
low complexity
progress
5.3
5.3