Local Attackers Can Modify Admin's Password in Pre-2023.1.3 Versions of WhatsUp Gold
CVE-2024-5009
Key Information:
- Vendor: Progress Software
- Status
- Vendor
- CVE Published: 25 June 2024
Summary
CVE-2024-5009 is a local privilege escalation vulnerability in versions of WhatsUp Gold, by Progress Software Corporation, before 2023.1.3. It allows a local attacker to modify the admin's password, escalate privileges and take control of the system. The vulnerability can be exploited without authentication and has the potential to affect the entire network of users and machines managed by WhatsUp Gold. A proof-of-concept exploit has been published, which adds urgency to addressing the issue. The impact is severe, and affected systems require immediate patching to prevent unauthorized access and control.
Affected Version(s)
WhatsUp Gold Windows 2023.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Summoning Team
Let's analyze a privilege escalation which I found targeting Progress WhatsUp Gold, this is the story of CVE-2024-5009
6 months ago
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by Summoning Team
- Vulnerability published
- Vulnerability Reserved