ZDI-24-886: Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability

July 3, 2024

Read Time:20 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local machine in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.4. The following CVEs are assigned: CVE-2024-5009.

USN-7017-1: Quagga vulnerability

Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause...

September 17, 2024

USN-7016-1: FRR vulnerability

Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause...

September 17, 2024

USN-7000-2: Expat vulnerabilities

USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: Shang-Hung Wan...

September 17, 2024

USN-7001-2: xmltok library vulnerabilities

USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Shang-Hung...

September 17, 2024

chisel-1.10.0-1.fc39

FEDORA-2024-9b005962f9 Packages in this update: chisel-1.10.0-1.fc39 Update description: Update to new upstream version (closes rhbz#2303131) Read More

September 17, 2024

chisel-1.10.0-1.fc40

FEDORA-2024-5aad2fda6a Packages in this update: chisel-1.10.0-1.fc40 Update description: Update to new upstream version (closes rhbz#2303131) Read More

September 17, 2024

The AI Fix #16: GPT-4o1, AI time travelers, and where’s my driverless car?

US Looks to Align Security Across Government

Remotely Exploding Pagers

ICO Acts Against Sky Betting and Gaming Over Cookies

Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks

Singapore Launches Accelerator for International Cybersecurity Startups

Python Developers Targeted with Malware During Fake Job Interviews

Physical Security In The Age Of Digital: Access Control System Vulnerabilities

Over Half of Breached UK Firms Pay Ransom

ZDI-24-886: Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability

USN-7017-1: Quagga vulnerability

USN-7016-1: FRR vulnerability

USN-7000-2: Expat vulnerabilities

USN-7001-2: xmltok library vulnerabilities

chisel-1.10.0-1.fc39

chisel-1.10.0-1.fc40