WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
wird übersetzt…Plattform
windows
Komponente
whatsup-gold
Behoben in
2024.0.1
CVE-2024-46909 is a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold monitoring software. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system, potentially leading to complete system takeover. The vulnerability impacts versions 2023.1.0 through 2024.0, and a patch is available in version 2024.0.1.
Auswirkungen und Angriffsszenarienwird übersetzt…
The impact of CVE-2024-46909 is severe. Successful exploitation allows an attacker to execute code with the privileges of the WhatsUp Gold service account. This could enable them to install malware, steal sensitive data, modify system configurations, or even pivot to other systems on the network. Given the monitoring nature of WhatsUp Gold, attackers could potentially gain access to network diagrams, server inventories, and other critical infrastructure information. The lack of authentication required for exploitation significantly broadens the attack surface, making it a high-priority risk.
Ausnutzungskontextwird übersetzt…
CVE-2024-46909 was publicly disclosed on December 2, 2024. While no public proof-of-concept (PoC) code has been released as of this writing, the CRITICAL severity and ease of exploitation (unauthenticated remote access) suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV, but its severity warrants close monitoring. Active campaigns targeting this vulnerability are possible.
Wer Ist Gefährdetwird übersetzt…
Organizations heavily reliant on WhatsUp Gold for network monitoring and performance management are particularly at risk. Environments with limited network segmentation or exposed monitoring servers are especially vulnerable. Shared hosting environments where multiple customers share the same WhatsUp Gold instance also face increased risk.
Erkennungsschrittewird übersetzt…
• windows / supply-chain:
Get-Process -Name "WhatsUpGoldService" | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WhatsUp Gold Service']]]" -MaxEvents 10• generic web:
curl -I https://<your_whatsupgold_server>/ # Check for unexpected responses or exposed endpointsAngriffszeitlinie
- Disclosure
disclosure
Bedrohungsanalyse
Exploit-Status
EPSS
28.84% (97% Perzentil)
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- EPSS aktualisiert
Mitigation und Workaroundswird übersetzt…
The primary mitigation for CVE-2024-46909 is to immediately upgrade to WhatsUp Gold version 2024.0.1 or later. If upgrading is not immediately feasible, consider segmenting the WhatsUp Gold server from critical network resources to limit potential blast radius. While a direct workaround isn't available, implementing strict network access controls to restrict external access to the WhatsUp Gold server can reduce the attack surface. Monitor WhatsUp Gold logs for suspicious activity, particularly attempts to access or modify system files. After upgrading, confirm the vulnerability is resolved by attempting a test exploit (if safe to do so in a non-production environment) or verifying that the relevant code paths have been patched.
So behebenwird übersetzt…
Actualice WhatsUp Gold a la versión 2024.0.1 o posterior. La actualización corrige la vulnerabilidad de recorrido de directorios y ejecución remota de código. Consulte el boletín de seguridad de Progress para obtener más detalles e instrucciones de actualización.
CVE-Sicherheitsnewsletter
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2024-46909 — RCE in WhatsUp Gold?
CVE-2024-46909 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2024.0, allowing unauthenticated attackers to execute code.
Am I affected by CVE-2024-46909 in WhatsUp Gold?
If you are running WhatsUp Gold versions 2023.1.0 through 2024.0, you are affected by this vulnerability. Upgrade to 2024.0.1 or later.
How do I fix CVE-2024-46909 in WhatsUp Gold?
Upgrade to WhatsUp Gold version 2024.0.1 or later to patch the vulnerability. Consider network segmentation as a temporary mitigation.
Is CVE-2024-46909 being actively exploited?
While no public exploits are currently available, the CRITICAL severity and ease of exploitation suggest a high probability of active exploitation.
Where can I find the official WhatsUp Gold advisory for CVE-2024-46909?
Refer to the official WhatsUp Gold security advisory for detailed information and patch download links: [https://www.whatsupgold.com/security-advisories](https://www.whatsupgold.com/security-advisories)
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.