ET WEB_SPECIFIC_APPS Progress WhatsUp Gold HasErrors SQL Injection Authentication Bypass (CVE-2024-6670)

SID: 2055983Rev: 375 views
History
Sourceet/open
CreatedSeptember 19, 2024
UpdatedNovember 26, 2024
Classificationweb-application-activity
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Progress WhatsUp Gold HasErrors SQL Injection Authentication Bypass (CVE-2024-6670)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/NmConsole/Platform/PerformanceMonitorErrors/HasErrors"; fast_pattern; startswith; http.request_body; content:"|22|classId|22 3a 22|"; pcre:"/^[^\x22]*(?:(?:S(?:HOW\x20(?:C(?:UR(?:DAT|TIM)E|HARACTER\x20SET)|(?:VARI|T)ABLES)|ELECT\x20(?:FROM|USER))|U(?:NION\x20SELEC|PDATE\x20SE)T|DELETE\x20FROM|INSERT\x20INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\x2f\*.+\*\x2f)/Ri"; reference:url,summoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/; reference:cve,2024-6670; classtype:web-application-activity; sid:2055983; rev:3; metadata:affected_product WhatsUp_Gold, created_at 2024_09_19, cve CVE_2024_6670, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlsummoning.team/blog/progress-whatsup-gold-sqli-cve-2024-6670/
cve2024-6670

Metadata

affected productWhatsUp_Gold
created at2024_09_19
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_11_26
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!