Unauthenticated Remote Code Execution Vulnerability in Progress WhatsUpGold
CVE-2024-4885

9.8CRITICAL

Key Information:

Vendor
Progress Software
Status
Whatsup Gold
Vendor
CVE Published:
25 June 2024

Badges

📈 Trended📈 Score: 4,610👾 Exploit Exists📰 News Worthy

What is CVE-2024-4885?

CVE-2024-4885 is a critical vulnerability in Progress WhatsUp Gold, a popular network monitoring solution used by organizations to track the performance and reliability of network infrastructures. This vulnerability allows unauthenticated remote code execution, meaning that an attacker can execute arbitrary commands on the affected systems without needing valid credentials. If exploited, this vulnerability can compromise the integrity and security of network operations, potentially leading to unauthorized access to sensitive data and disruption of services within an organization.

Technical Details

The vulnerability exists in the functionality associated with the WhatsUp.ExportUtilities.Export.GetFileWithoutZip component of WhatsUp Gold, specifically in versions released before 2023.1.3. It allows malicious actors to run commands with privileges associated with the iisapppool\nmconsole account. The execution of arbitrary commands without proper authentication poses a significant risk, as it may enable attackers to gain extensive control over the affected systems and environment.

Impact of the Vulnerability

  • Unauthorized Access: The ability for an attacker to execute commands remotely without authentication can lead to unauthorized access to network resources, potentially allowing attackers to steal sensitive information or manipulate system settings.

  • Service Disruption: Given that WhatsUp Gold plays a key role in monitoring network health, exploitation of this vulnerability could lead to significant disruptions in network monitoring capabilities, resulting in downtime or degraded service quality.

  • Escalation of Attacks: Once an attacker gains entry via this vulnerability, they may leverage this access to launch further attacks or implant malware, potentially facilitating future breaches or involvement in ransomware activities, even if the current circumstances do not explicitly link the two.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

News Articles

favicon imageThe Cyber Express

Critical CVE-2024-4885 Flaw In WhatsUp Gold Exposes Systems

Progress Software’s WhatsUp Gold has a severe CVE-2024-4885 flaw allowing remote code execution.

4 months ago

favicon imageiThome

6月WhatsUp Gold修補漏洞,8月初駭客攻擊行動開始現蹤

本月初Shadowserver基金會發現,Progress在6月修補的RCE漏洞CVE-2024-4885,已被實際用於攻擊行動,呼籲IT人員要儘速修補

5 months ago

References

https://www.progress.com/network-monitoring
product
https://community.progress.com/s/article/WhatsUp-Gold-Sec...
vendor-advisory

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Summoning Team

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database9 News Article(s)

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
.