CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold  - SOC Prime
Tags
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Msiexec - T1218.007 Powershell - T1059.001 Software - T1592.002 Vulnerabilities - T1588.006 Powershell - T1086 Remote Access Tools - T1219
Show in Graph
Common Information
Type Value
UUID 4bceb8db-6b5f-4931-9f21-b452b38b7016
Fingerprint 88fc09091b379f26
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 17, 2024, 1:09 p.m.
Added to db Sept. 17, 2024, 3:56 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold
Title CVE-2024-6670 and CVE-2024-6671 Detection: RCE Attacks Exploiting Critical SQL Injection Vulnerabilities in WhatsUp Gold  - SOC Prime
Detected Hints/Tags/Attributes 25/1/4
Source URLs
Redirection Url
Details Source https://socprime.com/blog/cve-2024-6670-and-cve-2024-6671-detection/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 37 
cve-2024-6670
Details CVE 24 
cve-2024-6671
Details File 9 
nmpoller.exe
Details File 269 
msiexec.exe