Platform: windows
Component: whatsup-gold
Fixed in: 2023.1.3
CVE-2024-5009 is a Privilege Escalation vulnerability discovered in WhatsUp Gold. This flaw allows a local attacker to modify the administrator's password, effectively gaining control of the system. The vulnerability impacts versions 2023.1.0 through 2023.1.2. A patch is available in version 2023.1.3.
Successful exploitation of CVE-2024-5009 grants an attacker complete administrative control over the affected WhatsUp Gold instance. This includes the ability to modify network configurations, access sensitive data, install malicious software, and potentially pivot to other systems on the network. The impact is significant, as a compromised WhatsUp Gold server can serve as a launchpad for broader attacks. Given WhatsUp Gold's role in network monitoring and management, an attacker could leverage this vulnerability to gain a comprehensive view of the network infrastructure and identify further targets.
CVE-2024-5009 was publicly disclosed on June 25, 2024. No public proof-of-concept exploits are currently available, but the ease of exploitation (requiring only local access) suggests a potential for rapid exploitation. The EPSS score is likely to be assessed as medium due to the vulnerability's ease of exploitation and potential impact. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 36.01% (97th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-5009 is to immediately upgrade WhatsUp Gold to version 2023.1.3 or later. If upgrading is not immediately feasible, consider restricting access to the Wug.UI.Controllers.InstallController endpoint. While not a complete solution, this can help limit the attack surface. Monitor system logs for suspicious activity related to password changes or unauthorized access attempts. After upgrading, confirm the fix by attempting to access the admin password modification functionality with a non-administrative user account; access should be denied.
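To support the upgrade step above, here is an added inventory-triage example (not code from the advisory or from WhatsUp Gold) that classifies installed versions against the range this page states: 2023.1.0 through 2023.1.2 affected, 2023.1.3 or later fixed. Hostnames and the inventory lines are constructed; the point it makes beyond the text is that versions must be compared numerically, since a string comparison would rank 2023.1.10 below 2023.1.3.

```python
# Added example (not from the advisory): classify WhatsUp Gold versions
# against the range stated on this page; inventory lines are constructed.
from typing import Dict, Tuple

AFFECTED_MIN = (2023, 1, 0)  # first affected release named on the page
FIXED_IN = (2023, 1, 3)      # patched release named on the page

def parse_version(text: str) -> Tuple[int, int, int]:
    """'2023.1.2' -> (2023, 1, 2). Numeric tuples compare correctly,
    whereas string comparison would rank '2023.1.10' below '2023.1.3'."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))  # pad 2023.1
    return nums[0], nums[1], nums[2]

def triage(version: str) -> str:
    """'affected', 'fixed' or 'outside-stated-range'. Releases older than
    2023.1.0 are not covered by the advisory, so they are not assumed safe."""
    v = parse_version(version)
    if v < AFFECTED_MIN:
        return "outside-stated-range"
    if v < FIXED_IN:
        return "affected"
    return "fixed"

def triage_inventory(csv_text: str) -> Dict[str, str]:
    """Map each 'host,version' line to its triage result; bad lines are
    flagged 'unparseable' so they get looked at instead of dropped."""
    results: Dict[str, str] = {}
    for line in csv_text.strip().splitlines():
        host, _, version = line.partition(",")
        try:
            results[host.strip()] = triage(version)
        except ValueError:
            results[host.strip()] = "unparseable"
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
wug-prod-01,2023.1.2
wug-prod-02,2023.1.3
wug-lab-01,2023.1.10
wug-legacy,2022.1.5
wug-dr-01,unknown
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as "affected" need the 2023.1.3 upgrade; "outside-stated-range" hosts run releases the advisory does not mention and should be checked against the vendor advisory rather than assumed safe.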
Upgrade WhatsUp Gold to version 2023.1.3 or later. This update fixes the access control vulnerability that allows local attackers to modify the administrator's password.
CVE-2024-5009 is a vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2 that allows a local attacker to modify the administrator's password, granting them administrative privileges.
You are affected if you are running WhatsUp Gold versions 2023.1.0, 2023.1.1, or 2023.1.2. Upgrade to version 2023.1.3 or later to mitigate the risk.
The recommended fix is to upgrade to WhatsUp Gold version 2023.1.3 or later. If immediate upgrade is not possible, restrict access to the vulnerable endpoint.
While no public exploits are currently available, the ease of exploitation suggests a potential for rapid exploitation. Monitor your systems closely.
Refer to the official WhatsUp Gold security advisory for detailed information and updates: [https://www.whatsupgold.com/security-advisory](https://www.whatsupgold.com/security-advisory)