CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2024-43461 in the MSHTML platform and CVE-2024-6670 in Progress WhatsUp Gold, citing active exploitation and PoCs. Organizations are urged to patch promptly due to high risk and observed abuse. #ProgressWhatsUpGold #MSHTML #CVE-2024-6670 #CVE-2024-43461 #CISAKEV
Keypoints
- CISA added CVE-2024-43461 (MSHTML) and CVE-2024-6670 (Progress WhatsUp Gold) to the KEV catalog.
- CVE-2024-6670 is rated 9.8 and enables an unauthenticated attacker to retrieve encrypted passwords.
- Exploitation began within hours of a PoC release, highlighting the need for urgent patching.
- Microsoft's patches addressed two high-severity MSHTML vulnerabilities tied to spoofing attacks.
- Cyble tracked 381 internet-exposed Progress WhatsUp Gold instances requiring prompt remediation.
- Cyble recommends comprehensive patch management, monitoring, and network segmentation to mitigate risks.
MITRE Techniques
- [T1203] Exploitation for Client Execution – Attackers exploit vulnerabilities in client applications to execute malicious code. [“Attackers exploit vulnerabilities in client applications to execute malicious code.”]
- [T1059.001] PowerShell – Remote code execution via PowerShell scripts used by attackers (Active Monitor PowerShell Script). [“Trend Micro researchers detected remote code execution (RCE) attacks against WhatsUp Gold that exploited the Active Monitor PowerShell Script.”]
- [T1003] Credential Dumping – Retrieving credentials from memory, databases, or other storage locations. [“Retrieving credentials from memory, databases, or other storage locations.”]
Indicators of Compromise
- [CVE] CVE-2024-6670, CVE-2024-43461 – vulnerabilities cited in KEV and exploited in PoCs and observed exploits.
- [Asset] 381 internet-exposed Progress WhatsUp Gold instances – Cyble ODIN detected exposed deployments.
- [URL] https://github.com/sinsinology/CVE-2024-6670?tab=readme-ov-file – public PoC linked to the vulnerability exploitation.
- [Software] Progress WhatsUp Gold – affected product with CVE-2024-6670 exploitation observed (pre-2024.0.0 versions).
- [Software] MSHTML – affected Microsoft Windows MSHTML platform used in exploitation chains (CVE-2024-43461 and related).