Unauthenticated Remote Code Execution Vulnerability in Progress WhatsUpGold
CVE-2024-4885

9.8CRITICAL

Key Information:

Vendor
Progress Software
Status
Whatsup Gold
Vendor
CVE Published:
25 June 2024

Badges

📈 Trended📈 Score: 4,610👾 Exploit Exists🟣 EPSS 87%🦅 CISA Reported📰 News Worthy

What is CVE-2024-4885?

CVE-2024-4885 is a critical vulnerability in Progress WhatsUp Gold, a popular network monitoring solution used by organizations to track the performance and reliability of network infrastructures. This vulnerability allows unauthenticated remote code execution, meaning that an attacker can execute arbitrary commands on the affected systems without needing valid credentials. If exploited, this vulnerability can compromise the integrity and security of network operations, potentially leading to unauthorized access to sensitive data and disruption of services within an organization.

Technical Details

The vulnerability exists in the functionality associated with the WhatsUp.ExportUtilities.Export.GetFileWithoutZip component of WhatsUp Gold, specifically in versions released before 2023.1.3. It allows malicious actors to run commands with privileges associated with the iisapppool\nmconsole account. The execution of arbitrary commands without proper authentication poses a significant risk, as it may enable attackers to gain extensive control over the affected systems and environment.

Impact of the Vulnerability

  • Unauthorized Access: The ability for an attacker to execute commands remotely without authentication can lead to unauthorized access to network resources, potentially allowing attackers to steal sensitive information or manipulate system settings.

  • Service Disruption: Given that WhatsUp Gold plays a key role in monitoring network health, exploitation of this vulnerability could lead to significant disruptions in network monitoring capabilities, resulting in downtime or degraded service quality.

  • Escalation of Attacks: Once an attacker gains entry via this vulnerability, they may leverage this access to launch further attacks or implant malware, potentially facilitating future breaches or involvement in ransomware activities, even if the current circumstances do not explicitly link the two.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

News Articles

favicon imageThe Hacker News

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

CISA adds five exploited vulnerabilities to its KEV catalog, including flaws in Cisco, Microsoft, and Progress software.

2 weeks ago

favicon imageThe Cyber Express

Critical CVE-2024-4885 Flaw In WhatsUp Gold Exposes Systems

Progress Software’s WhatsUp Gold has a severe CVE-2024-4885 flaw allowing remote code execution.

References

https://www.progress.com/network-monitoring
product
https://community.progress.com/s/article/WhatsUp-Gold-Sec...
vendor-advisory

EPSS Score

87% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🦅

    CISA Reported

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Summoning Team

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
.