Unauthenticated Denial of Service Vulnerability in WhatsUp Gold Prior to 2023.1.3
CVE-2024-5013

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 25 June 2024

Summary

An unauthenticated Denial of Service vulnerability exists in WhatsUp Gold versions prior to 2023.1.3, which permits an unauthorized attacker to trigger a fault during the SetAdminPassword installation step. This exploitation method can lead to the application becoming inaccessible, significantly affecting service availability and operational continuity.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative