Remote code execution vulnerability in WhatsUp Gold
CVE-2024-46909

9.8CRITICAL

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 2 December 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2024-46909?

A vulnerability exists in WhatsUp Gold prior to version 2024.0.1 that allows remote unauthenticated attackers to execute arbitrary code in the context of the service account. This could lead to unauthorized access and control over critical network monitoring functions, emphasizing the need for users to update to the latest version to mitigate potential exploitation risks.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

https://docs.progress.com/bundle/whatsupgold-release-note...

release-notes

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Sep 13, 2024

Credit

Andy Niu of Trend Micro