WEB Progress WhatsUp Gold FailoverRegistry Remote Code Execution (CVE-2024-8785) state 1-F/Flow

Rule ID

1236033

Severity

Critical

Description

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.

Impact

Remote code execution

Recommendation

Update vendor's patch.

IPS Category

Exploits

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-8785

T1210

T0866

T1190

T0819

Keywords

N/A

Date Created

2024/12/06

Last Updated

2024/12/09