This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.

Q1 What is this vulnerability? (Essence + Consequences)

**Essence**: A critical code flaw in WhatsUp Gold allowing credential relay. **Consequences**: Attackers can steal encrypted user credentials and send them to arbitrary hosts. **Impact**: Full compromise of network…

**Root Cause**: Improper handling of API transactions. **Flaw**: The application fails to validate the destination for encrypted credential relay. **CWE**: Not explicitly mapped in provided data, but relates to *…

**Product**: Progress Software WhatsUp Gold. **Affected Versions**: 21.0.0, 21.1.1, 22.0.0. **Scope**: All installations running these specific versions are vulnerable.

Q4 What can hackers do? (Privileges/Data)

**Action**: Call API transactions without authentication. **Data Access**: Intercept and relay **encrypted WhatsUp Gold user credentials**. **Target**: Credentials can be sent to **any arbitrary host** controlled …

**Auth Requirement**: **None** (Unauthenticated). **Config**: No special configuration needed. **Threshold**: **LOW**. Any network-accessible instance can be exploited immediately.

Q6 Is there a public Exp? (PoC/Wild Exploitation)

**Public Exploit**: No specific PoC code provided in the data. **Wild Exploitation**: High risk due to **unauthenticated** nature and critical severity. **Status**: Likely being actively exploited in the wild given…

**Check**: Scan for WhatsUp Gold API endpoints. **Verify**: Check the installed version against the affected range 21.0.0 - 22.0.0. **Monitor**: Look for unusual outbound traffic from the server to unknown IPs (credential relay).

Q8 Is it fixed officially? (Patch/Mitigation)

**Official Fix**: Yes, Progress Software issued a Critical Product Alert. **Action**: Update to the latest patched version immediately. **Reference**: Check the Progress Community article for specific patch details…

**No Patch?**: Isolate the server from the network. **Mitigation**: Block outbound connections to non-whitelisted IPs. **Disable**: Disable external API access if possible until patched.