cbcvebase.
CVE-2022-29848
published 2022-05-11

Priority: P3 · 43 · medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 3.51% (87.7th percentile)

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
progress | whatsup_gold | |
progress | whatsup_gold | 17.0.0 – 21.1.1 |

Detection & IOCs (extracted from sources)

  • The vulnerability allows an authenticated user to invoke an API transaction to read sensitive OS attributes from hosts accessible by WhatsUp Gold — monitor for unusual or unauthorized API calls originating from WhatsUp Gold service accounts targeting host attribute endpoints.
  • Post-exploitation activity targeting WhatsUp Gold installations on Windows may involve credential dumping via exported and decrypted credential stores — monitor for unusual file exports (e.g., CSV files) from WhatsUp Gold processes.
  • Credential dumping has been confirmed across a wide range of WhatsUp Gold versions (11.0 through 22.x) — treat any WhatsUp Gold installation in this range as potentially vulnerable to post-exploitation credential harvesting.
  • Extracted credentials are automatically added to loot in Metasploit — post-exploitation sessions on WhatsUp Gold hosts should be treated as high-severity pivots with likely credential exposure.
  • CVE-2022-29848 affects a specific version range of WhatsUp Gold — versions outside 17.0.0–21.1.1 and 22.0.0 are not listed as affected.
  • Exploitation requires authentication — unauthenticated access alone is not sufficient to trigger the sensitive OS attribute read via the API.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N