Unauthenticated Remote Code Execution Vulnerability in Progress WhatsUpGold
CVE-2024-4885
Key Information:
- Vendor
- Progress Software
- Status
- Vendor
- CVE Published:
- 25 June 2024
Badges
What is CVE-2024-4885?
CVE-2024-4885 is a critical vulnerability in Progress WhatsUp Gold, a popular network monitoring solution used by organizations to track the performance and reliability of network infrastructures. This vulnerability allows unauthenticated remote code execution, meaning that an attacker can execute arbitrary commands on the affected systems without needing valid credentials. If exploited, this vulnerability can compromise the integrity and security of network operations, potentially leading to unauthorized access to sensitive data and disruption of services within an organization.
Technical Details
The vulnerability exists in the functionality associated with the WhatsUp.ExportUtilities.Export.GetFileWithoutZip
component of WhatsUp Gold, specifically in versions released before 2023.1.3. It allows malicious actors to run commands with privileges associated with the iisapppool\nmconsole
account. The execution of arbitrary commands without proper authentication poses a significant risk, as it may enable attackers to gain extensive control over the affected systems and environment.
Impact of the Vulnerability
-
Unauthorized Access: The ability for an attacker to execute commands remotely without authentication can lead to unauthorized access to network resources, potentially allowing attackers to steal sensitive information or manipulate system settings.
-
Service Disruption: Given that WhatsUp Gold plays a key role in monitoring network health, exploitation of this vulnerability could lead to significant disruptions in network monitoring capabilities, resulting in downtime or degraded service quality.
-
Escalation of Attacks: Once an attacker gains entry via this vulnerability, they may leverage this access to launch further attacks or implant malware, potentially facilitating future breaches or involvement in ransomware activities, even if the current circumstances do not explicitly link the two.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
WhatsUp Gold Windows 2023.1.0
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
CISA adds five exploited vulnerabilities to its KEV catalog, including flaws in Cisco, Microsoft, and Progress software.
2 weeks ago

Critical CVE-2024-4885 Flaw In WhatsUp Gold Exposes Systems
Progress Software’s WhatsUp Gold has a severe CVE-2024-4885 flaw allowing remote code execution.
References
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by Summoning Team
Vulnerability published
Vulnerability Reserved