CVE-2022-29847
published 2022-05-11

Priority: P2 / 73 / high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 55.86% (98.9th percentile)

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
progress | whatsup_gold | |
progress | whatsup_gold | 21.0.0 – 21.1.1 |

Detection & IOCs (extracted from sources)

  • The vulnerability allows an unauthenticated attacker to invoke an API transaction to relay encrypted WhatsUp Gold user credentials to an arbitrary host — monitor for unauthenticated API calls originating from external/unexpected sources targeting WhatsUp Gold endpoints
  • Post-exploitation activity: a Metasploit module exists that exports and decrypts WhatsUp Gold credentials to a CSV file on compromised Windows hosts — look for unexpected CSV file creation or credential export activity on WhatsUp Gold servers
  • The Metasploit credential dump module targets WhatsUp Gold versions 11.0 through 22.x — scope detection across this broad version range on Windows hosts
  • Extracted credentials are automatically added to Metasploit loot — on a compromised host, look for Metasploit loot directory writes following WhatsUp Gold process access
  • Affected versions are WhatsUp Gold 21.0.0 through 21.1.1 and 22.0.0 — detections and mitigations should be scoped to these specific versions

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N