Platform: windows
Component: whatsup-gold
Fixed in: 2023.1.3
CVE-2024-5009 is a Privilege Escalation vulnerability discovered in WhatsUp Gold. This flaw allows a local attacker to modify the administrator's password, effectively gaining control of the system. The vulnerability impacts versions 2023.1.0 through 2023.1.2. A patch is available in version 2023.1.3.
Successful exploitation of CVE-2024-5009 allows a local attacker to gain administrative privileges on a WhatsUp Gold server. This can lead to unauthorized access to sensitive data, modification of system configurations, and potentially complete compromise of the monitoring environment. An attacker could leverage this access to disable monitoring, install malicious software, or exfiltrate confidential information. The blast radius extends to any data or systems monitored by WhatsUp Gold, as an administrator has broad control over the platform.
CVE-2024-5009 was publicly disclosed on June 25, 2024. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's EPSS score is likely to be medium, given its local attacker requirement and potential for significant impact. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on WhatsUp Gold for network monitoring and management are at significant risk. Environments with weak access controls or limited user privilege separation are particularly vulnerable. Systems running older, unpatched versions of WhatsUp Gold are also at heightened risk.
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4720} -ErrorAction SilentlyContinue | Where-Object {$_.Message -match "Wug.UI.Controllers.InstallController"}
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -match "WhatsUpGold"}
• windows / supply-chain:
reg query "HKLM\SOFTWARE\WhatsUp\Gold" | findstr "AdminPassword"
EPSS: 36.01% (97th percentile)
The primary mitigation for CVE-2024-5009 is to upgrade WhatsUp Gold to version 2023.1.3 or later. If an immediate upgrade is not feasible, consider implementing stricter local account controls and monitoring for suspicious login attempts. Review user permissions and ensure the principle of least privilege is enforced. While not a direct mitigation, implementing robust logging and auditing can help detect unauthorized password changes. After upgrading, confirm the fix by attempting to modify the admin password with a non-administrative account; the attempt should be denied.
Upgrade WhatsUp Gold to version 2023.1.3 or later. This update fixes the access control vulnerability that allows local attackers to modify the administrator's password.
CVE-2024-5009 is a vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2 that allows a local attacker to modify the administrator's password, granting them administrative privileges.
You are affected if you are running WhatsUp Gold versions 2023.1.0, 2023.1.1, or 2023.1.2. Upgrade to version 2023.1.3 or later to mitigate the risk.
The recommended fix is to upgrade to WhatsUp Gold version 2023.1.3 or later. If immediate upgrade is not possible, restrict access to the vulnerable endpoint.
While no public exploits are currently available, the ease of exploitation suggests a potential for rapid exploitation. Monitor your systems closely.
Refer to the official WhatsUp Gold security advisory for detailed information and updates: [https://www.whatsupgold.com/security-advisory](https://www.whatsupgold.com/security-advisory)