Platform: windows
Component: whatsup-gold
Fixed in: 2023.1.3
CVE-2024-4883 describes a critical Remote Code Execution (RCE) vulnerability affecting WhatsUp Gold network monitoring software. This flaw allows an unauthenticated attacker to execute arbitrary code on the system with service account privileges. The vulnerability impacts versions 2023.1.0 through 2023.1.2, and a patch is available in version 2023.1.3.
The impact of CVE-2024-4883 is severe. Successful exploitation grants an attacker complete control over the affected WhatsUp Gold server. This includes the ability to install malware, steal sensitive data (network configurations, performance metrics, credentials stored within the system), and potentially pivot to other systems on the network. Given WhatsUp Gold's role in network monitoring, an attacker could gain a comprehensive view of the entire network infrastructure, facilitating further reconnaissance and attacks. Because exploitation requires no authentication, the attack surface is significantly broader and the flaw is accessible to a wide range of threat actors.
CVE-2024-4883 was publicly disclosed on June 25, 2024. The vulnerability is considered highly exploitable due to the lack of authentication and the ease of triggering the RCE. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The CVSS score of 9.8 indicates critical severity, and the vulnerability is likely to be added to the CISA KEV catalog soon.
Exploit Status
EPSS: 92.24% (100th percentile)
The primary mitigation for CVE-2024-4883 is to immediately upgrade WhatsUp Gold to version 2023.1.3 or later. If upgrading is not immediately feasible, consider isolating the affected server from the network to prevent external access. While not a complete solution, implementing strict firewall rules to restrict access to NmApi.exe on port 4986 can reduce the attack surface. Monitor network traffic for suspicious connections to port 4986. After upgrading, confirm the vulnerability is resolved by attempting to trigger the vulnerability using the original exploit vector and verifying that the execution is blocked.
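The monitoring step above can be run over Windows Firewall logs. The following is an added example, not code from the vendor or from this page: it flags inbound TCP connections to port 4986 whose source is outside an allowed management network. It assumes firewall logging is enabled in the standard pfirewall.log layout; the allowed network and the sample log lines are constructed.

```python
import ipaddress

NMAPI_PORT = "4986"  # port this page associates with NmApi.exe
# Assumption: only this management network should reach the server (constructed).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-06-26 09:14:02 ALLOW TCP 10.20.0.15 10.20.0.5 51544 4986 0 - 0 0 0 - - - RECEIVE
2024-06-26 09:15:40 ALLOW TCP 203.0.113.77 10.20.0.5 40112 4986 0 - 0 0 0 - - - RECEIVE
2024-06-26 09:15:41 DROP TCP 198.51.100.9 10.20.0.5 40113 4986 0 - 0 0 0 - - - RECEIVE
2024-06-26 09:16:03 ALLOW TCP 203.0.113.77 10.20.0.5 40120 443 0 - 0 0 0 - - - RECEIVE
2024-06-26 09:17:12 ALLOW UDP 10.20.0.5 10.20.0.1 53011 53 0 - - - - - - - SEND
"""

def outside_hits(log_text, allowed=ALLOWED_NETS, port=NMAPI_PORT):
    """Return (timestamp, src_ip, action) for inbound TCP to `port`
    from sources that are not inside any allowed network."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        cols = line.split()
        if line.startswith("#") or not fields or len(cols) < len(fields):
            continue  # other header, blank or truncated line
        rec = dict(zip(fields, cols))
        if rec["protocol"] != "TCP" or rec["dst-port"] != str(port):
            continue
        if rec.get("path", "RECEIVE") != "RECEIVE":
            continue  # only inbound traffic is of interest here
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue  # unparsable source address
        if not any(src in net for net in allowed):
            hits.append((f'{rec["date"]} {rec["time"]}', str(src), rec["action"]))
    return hits

if __name__ == "__main__":
    for when, src, action in outside_hits(SAMPLE_LOG):
        # ALLOW means the firewall restriction has a gap; DROP means it held.
        print(f"{when} {src} -> port {NMAPI_PORT} ({action})")
```

An `ALLOW` entry from an outside source means the restriction on port 4986 is not in effect for that path; a `DROP` entry shows a blocked attempt worth correlating with other telemetry.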
Update WhatsUp Gold to version 2023.1.3 or later. This update fixes the remote code execution vulnerability. Download the latest version from the official Progress Software website.
CVE-2024-4883 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2, allowing unauthenticated attackers to execute code.
If you are running WhatsUp Gold versions 2023.1.0 through 2023.1.2, you are affected by this vulnerability. Upgrade immediately.
Upgrade to WhatsUp Gold version 2023.1.3 or later to remediate the vulnerability. If immediate upgrade is not possible, isolate the server and restrict access to NmApi.exe.
While active exploitation is not yet confirmed, the vulnerability's critical severity and ease of exploitation suggest it is likely to be targeted soon.
Refer to the official WhatsUp Gold security advisory for detailed information and mitigation steps: [https://www.whatsmsgold.com/security-advisories](https://www.whatsmsgold.com/security-advisories)