CVE-2024-8785

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1

Description: A remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in the registry path HKEY LOCAL MACHINESOFTWAREWOW6432NodeIpswitch. This could allow an attacker to execute arbitrary code. The vulnerability is related to errors in the use of privileged application programming interfaces (API).

Recommendations: For versions prior to 2024.0.1, update to version 2024.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the NmAPI.exe to minimize the risk of exploitation.