CVE-2024-8785
Published: 02 December 2024
Summary
CVE-2024-8785 is a critical-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Progress Whatsup Gold. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 11.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-8785 affects WhatsUp Gold versions prior to 2024.0.1 and stems from improper access controls in the NmAPI.exe component. The flaw permits modification of registry values under the HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\ path without authentication, corresponding to CWE-648.
A remote attacker with no credentials can send crafted requests to NmAPI.exe over the network to create or alter registry entries. Successful exploitation grants the ability to modify system configuration data, which under the CVSS vector yields full confidentiality, integrity, and availability impact with a score of 9.8.
Progress Software advisories direct customers to upgrade to WhatsUp Gold 2024.0.1 or later; the associated release notes confirm that the registry modification path is restricted after the update. The referenced security bulletin and product documentation provide the primary remediation guidance.
EPSS for the CVE rose from a low baseline to a peak of 0.1102 on 2025-12-11 before receding to the current value of 0.0404, indicating a period of increased exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49604
Vulnerability details
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.