Platform: windows
Component: whatsup-gold
Fixed in: 2023.1.3
CVE-2024-4884 describes a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold, a network monitoring and management platform. This flaw allows an unauthenticated attacker to execute arbitrary commands on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions 2023.1.0 through 2023.1.2, and a patch is available in version 2023.1.3.
The impact of CVE-2024-4884 is severe. Successful exploitation allows an attacker to execute commands with the privileges of the iisapppool\nmconsole account, the IIS application pool identity under which the WhatsUp Gold web console (NmConsole) runs. That identity is not SYSTEM, but it is the account the web application itself operates as, so it carries whatever the application can reach: installing tooling on the host, reading sensitive data (network configurations, monitoring data, stored credentials for monitored devices), modifying settings, and pivoting to other systems within the network. Given WhatsUp Gold's role in network monitoring, an attacker could gain a comprehensive view of the network topology and identify other valuable targets. Because no authentication is required, any host that can reach the web console is a potential source of exploitation.
CVE-2024-4884 was publicly disclosed on June 25, 2024. The vulnerability is considered highly exploitable because no authentication is required and the attack vector is relatively straightforward. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The CVSS base score of 9.8 places it in the critical range; note that CVSS measures severity, not likelihood, and the EPSS figure below is the estimate of exploitation probability. It has not yet been added to the CISA KEV catalog as of this writing.
EPSS: 55.49% (98th percentile)
The primary mitigation for CVE-2024-4884 is to immediately upgrade to WhatsUp Gold version 2023.1.3 or later. If upgrading is not immediately feasible, implement temporary workarounds: restrict network access to the WhatsUp Gold web console so that only administrative hosts can reach it, and review firewall rules to ensure only necessary ports are open. Review the IIS logs of the WhatsUp Gold web site for requests to the Apm.UI.Areas.APM.Controllers.CommunityController endpoint, especially from unexpected source addresses. A WAF in front of the console may block some attempts, but it is not a substitute for patching.
Update WhatsUp Gold to version 2023.1.3 or later. This update fixes the remote code execution vulnerability by restricting unauthorized file uploads. See the Progress security bulletin for more details and upgrade instructions.
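The two checks above (is the installed build in the affected range, and has anything untrusted hit the CommunityController) can be done offline against an exported IIS log. The following is an added example written for this page, not code from Progress or from the advisory. It assumes the MVC route for the CommunityController contains the path fragment `/Apm/Community/` under the `/NmConsole` web root, and the log lines are constructed sample data with a placeholder action name; adjust the route regex if your deployment differs.

```python
"""Offline triage helper for CVE-2024-4884 (added example, not Progress code).

Checks:
  1. is_affected(): is the WhatsUp Gold build inside the advisory's range
     2023.1.0 through 2023.1.2?
  2. suspicious_community_requests(): which IIS W3C log rows hit the
     CommunityController route from hosts outside the trusted set?

Assumption (not from the advisory): the ASP.NET MVC route for
Apm.UI.Areas.APM.Controllers.CommunityController is matched by the
substring "/apm/community/" in the request path.
"""
import ipaddress
import re
from typing import Iterable, List, Sequence

AFFECTED_MIN = (2023, 1, 0)   # first affected release named on the page
FIXED = (2023, 1, 3)          # first fixed release

# Assumed route fragment for the CommunityController (area/controller).
COMMUNITY_ROUTE = re.compile(r"/apm/community/", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Turn '2023.1.2' (or '2023.1.2.1234') into a comparable int tuple."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if len(parts) < 3:
        raise ValueError(f"unrecognised WhatsUp Gold version string: {text!r}")
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the version falls in 2023.1.0 <= v < 2023.1.3."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def parse_iis_w3c(lines: Iterable[str]) -> List[dict]:
    """Parse IIS W3C extended log lines into dicts keyed by the #Fields names.

    IIS writes a fresh #Fields header whenever the selected columns change,
    so the parser follows the most recent header instead of fixed offsets.
    """
    fields = None
    rows = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # #Software, #Version, #Date directives
        if fields is None:
            raise ValueError("log data appeared before any #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated line; skipping beats mis-aligned columns
        rows.append(dict(zip(fields, values)))
    return rows


def suspicious_community_requests(rows: Sequence[dict],
                                  trusted_cidrs: Sequence[str] = ()) -> List[dict]:
    """Return rows whose path hits the CommunityController from an untrusted c-ip.

    cs-username is deliberately not used: it reflects IIS-level auth, which is
    typically '-' for a forms-authenticated web app, so it cannot distinguish
    an unauthenticated probe from a logged-in administrator.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for row in rows:
        if not COMMUNITY_ROUTE.search(row.get("cs-uri-stem", "")):
            continue
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            hits.append(row)  # unparsable source is worth a look too
            continue
        if not any(src in net for net in trusted):
            hits.append(row)
    return hits


# Constructed sample log (not real traffic); "Action" is a placeholder name.
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-06-26 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-06-26 00:01:10 10.0.0.5 GET /NmConsole/Login.aspx - 443 - 10.0.0.20 Mozilla/5.0 200
2024-06-26 00:02:33 10.0.0.5 POST /NmConsole/Apm/Community/Action - 443 - 198.51.100.77 python-requests/2.31 200
2024-06-26 00:02:34 10.0.0.5 GET /NmConsole/Apm/Community/Action - 443 - 10.0.0.20 Mozilla/5.0 200
"""

if __name__ == "__main__":
    print("2023.1.2 affected:", is_affected("2023.1.2"))
    rows = parse_iis_w3c(SAMPLE_IIS_LOG.splitlines())
    for hit in suspicious_community_requests(rows, trusted_cidrs=["10.0.0.0/8"]):
        print("review:", hit["date"], hit["time"], hit["c-ip"], hit["cs-method"], hit["cs-uri-stem"])
```

Point the parser at the real files under the IIS log directory for the NmConsole site and pass your management subnets as `trusted_cidrs`; any hit that remains is a request the console should never have received from that address and warrants a look at what the application logged at the same timestamp.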
CVE-2024-4884 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2, allowing unauthenticated attackers to execute commands.
You are affected if you are running WhatsUp Gold versions 2023.1.0 through 2023.1.2. Immediately check your version and upgrade if necessary.
Upgrade to WhatsUp Gold version 2023.1.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the Progress WhatsUp Gold security advisory for detailed information and updates: [https://www.progress.com/security-advisories/psa-20240625-01](https://www.progress.com/security-advisories/psa-20240625-01)