Unauthenticated Arbitrary File Read Vulnerability in WhatsUp Gold
CVE-2024-5019

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 25 June 2024

Summary

An unauthenticated Arbitrary File Read vulnerability exists in WhatsUp Gold, specifically in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS component. This flaw affects versions released before 2023.1.3, permitting unauthorized access to read any file within the context of the iisapppool\NmConsole privileges. The potential exploitation of this vulnerability could lead to significant data exposure, making it critical for users to apply patches and updates to safeguard their systems.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative