Development Software Unveils Fixes for 6 Deficiencies in WhatsUp Gold – Update Immediately
Development Software has unveiled another set of patches to deal with six security vulnerabilities in WhatsUp Gold, including two critical weaknesses.
The problems, according to the organization, have been rectified in version 24.0.1 launched on September 20, 2024. No specific details about the flaws have been disclosed other than their CVE identifiers –
- CVE-2024-46905 (CVSS score: 8.8)
- CVE-2024-46906 (CVSS score: 8.8)
- CVE-2024-46907 (CVSS score: 8.8)
- CVE-2024-46908 (CVSS score: 8.8)
- CVE-2024-46909 (CVSS score: 9.8), and
- CVE-2024-8785 (CVSS score: 9.8)
Security analyst Sina Kheirkhah of Summoning Team has been recognized for uncovering and reporting the initial four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785.
It’s important to mention that Trend Micro recently stated that threat actors are actively utilizing proof-of-concept (PoC) exploits for other recently disclosed security vulnerabilities in WhatsUp Gold to carry out opportunistic attacks.
Previously, the Shadowserver Foundation indicated that they had witnessed exploitation attempts against CVE-2024-4885 (CVSS score: 9.8), another crucial flaw in WhatsUp Gold that was resolved by Development in June 2024.
Customers of WhatsUp Gold are advised to implement the most recent fixes promptly to minimize potential risks.
About Author
