Platform
windows
Component
whatsup-gold
Fixed in
2023.1.3
CVE-2024-4884 describes a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold, a network monitoring and management platform. This flaw allows an unauthenticated attacker to execute arbitrary commands on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions 2023.1.0 through 2023.1.2, and a patch is available in version 2023.1.3.
The impact of CVE-2024-4884 is severe. Successful exploitation allows an attacker to execute commands with the iisapppool\nmconsole privileges. This grants them significant control over the system hosting WhatsUp Gold, potentially enabling them to install malware, steal sensitive data (network configurations, monitoring data, credentials), modify system settings, and even pivot to other systems within the network. Given WhatsUp Gold's role in network monitoring, an attacker could gain a comprehensive view of the network topology and identify other valuable targets. The lack of authentication required for exploitation significantly broadens the attack surface.
CVE-2024-4884 was publicly disclosed on June 25, 2024. The vulnerability is considered highly exploitable due to the lack of authentication and the availability of a relatively straightforward attack vector. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The CVSS score of 9.8 indicates a critical severity and a high probability of exploitation. It has not yet been added to the CISA KEV catalog as of this writing.
Organizations heavily reliant on WhatsUp Gold for network monitoring and management are at significant risk. This includes businesses of all sizes, particularly those with limited security resources or those who have not diligently applied security patches. Shared hosting environments where multiple customers share the same server instance are also at increased risk, as a compromise of one customer's WhatsUp Gold instance could potentially lead to the compromise of others.
• windows / supply-chain:
Get-Process -Name 'wupgold' | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WhatsUp Gold']]]" | Select-Object -First 10
• generic web:
curl -I https://<your_wupgold_server>/APM/Areas/APM/Controllers/CommunityController
• generic web:
grep -iF 'iisapppool\nmconsole' /var/log/apache2/error.log # -F matches the backslash literally; or equivalent access/error log path
EPSS
55.49% (98th percentile)
The primary mitigation for CVE-2024-4884 is to immediately upgrade to WhatsUp Gold version 2023.1.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the WhatsUp Gold server, particularly from untrusted sources. Review firewall rules to ensure only necessary ports are open. Monitor system logs for suspicious activity related to the Apm.UI.Areas.APM.Controllers.CommunityController endpoint. While a WAF may offer some protection, it is not a substitute for patching.
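An added example, not from the original page or from Progress: a Python triage of IIS W3C logs that groups requests touching the CommunityController endpoint by client IP and counts those made with no authenticated user. The log lines are constructed, and matching on the substring `communitycontroller` in `cs-uri-stem` is an assumption based on the endpoint name and path shown on this page.

```python
from collections import defaultdict

# Constructed sample IIS W3C log (not real traffic). IPs are documentation ranges;
# the URI is the path used in the curl check on this page.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-06-26 09:14:02 192.0.2.10 admin GET /home 200
2024-06-26 09:15:40 198.51.100.7 - POST /APM/Areas/APM/Controllers/CommunityController 200
2024-06-26 09:15:41 198.51.100.7 - POST /APM/Areas/APM/Controllers/CommunityController 500
2024-06-26 09:20:11 192.0.2.10 admin GET /APM/Areas/APM/Controllers/CommunityController 200
"""

MARKER = "communitycontroller"  # assumption: substring of the endpoint name on this page


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()  # IIS writes spaces inside values as '+'
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def triage(text):
    """Group CommunityController requests by client IP and count unauthenticated ones."""
    hits = defaultdict(lambda: {"total": 0, "unauthenticated": 0, "methods": set()})
    for row in parse_w3c(text):
        if MARKER not in row.get("cs-uri-stem", "").lower():
            continue
        entry = hits[row.get("c-ip", "?")]
        entry["total"] += 1
        entry["methods"].add(row.get("cs-method", "?"))
        if row.get("cs-username", "-") == "-":  # "-" means no authenticated user
            entry["unauthenticated"] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        flag = "REVIEW" if info["unauthenticated"] else "ok"
        print(f"{flag:6} {ip:15} total={info['total']} "
              f"unauth={info['unauthenticated']} methods={sorted(info['methods'])}")
```

Point it at the IIS site's log directory for the WhatsUp Gold web application by reading each file's text and passing it to `triage`.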
Upgrade WhatsUp Gold to version 2023.1.3 or later. This update fixes the remote code execution vulnerability by restricting unauthorized file uploads. See the Progress security bulletin for more details and upgrade instructions.
CVE-2024-4884 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2, allowing unauthenticated attackers to execute commands.
You are affected if you are running WhatsUp Gold versions 2023.1.0 through 2023.1.2. Immediately check your version and upgrade if necessary.
Upgrade to WhatsUp Gold version 2023.1.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the Progress WhatsUp Gold security advisory for detailed information and updates: [https://www.progress.com/security-advisories/psa-20240625-01](https://www.progress.com/security-advisories/psa-20240625-01)