Platform: windows
Component: whatsup-gold
Fixed in: 2023.1.3
CVE-2024-4884 describes a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold, a network monitoring and management platform. This flaw allows an unauthenticated attacker to execute arbitrary commands on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions 2023.1.0 through 2023.1.2, and a patch is available in version 2023.1.3.
The impact of CVE-2024-4884 is severe. Successful exploitation allows an attacker to execute commands with the iisapppool\nmconsole privileges. This grants them significant control over the system hosting WhatsUp Gold, potentially enabling them to install malware, steal sensitive data (network configurations, monitoring data, credentials), modify system settings, and even pivot to other systems within the network. Given WhatsUp Gold's role in network monitoring, an attacker could gain a comprehensive view of the network topology and identify other valuable targets. The lack of authentication required for exploitation significantly broadens the attack surface.
CVE-2024-4884 was publicly disclosed on June 25, 2024. The vulnerability is considered highly exploitable due to the lack of authentication and the availability of a relatively straightforward attack vector. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The CVSS score of 9.8 indicates a critical severity and a high probability of exploitation. It has not yet been added to the CISA KEV catalog as of this writing.
Organizations heavily reliant on WhatsUp Gold for network monitoring and management are at significant risk. This includes businesses of all sizes, particularly those with limited security resources or those who have not diligently applied security patches. Shared hosting environments where multiple customers share the same server instance are also at increased risk, as a compromise of one customer's WhatsUp Gold instance could potentially lead to the compromise of others.
• windows / supply-chain:
Get-Process -Name 'wupgold' | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WhatsUp Gold']]]" | Select-Object -First 10
• generic web:
curl -I https://<your_wupgold_server>/APM/Areas/APM/Controllers/CommunityController
• generic web:
grep -iF 'iisapppool\nmconsole' /var/log/apache2/error.log # -F matches the backslash literally; or equivalent access/error log path
Exploit Status
EPSS: 55.49% (98th percentile)
The primary mitigation for CVE-2024-4884 is to immediately upgrade to WhatsUp Gold version 2023.1.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the WhatsUp Gold server, particularly from untrusted sources. Review firewall rules to ensure only necessary ports are open. Monitor system logs for suspicious activity related to the Apm.UI.Areas.APM.Controllers.CommunityController endpoint. While a WAF may offer some protection, it is not a substitute for patching.
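The log monitoring suggested above can be done as a quick triage pass over IIS W3C logs. The following is an added example, not code from Progress or from this page. It assumes the controller name appears in the request path (as in the curl check above) and that unauthenticated requests are logged with cs-username "-". The sample log is constructed.

```python
from collections import defaultdict

# Assumption: the controller name from the advisory shows up in cs-uri-stem.
MARKER = "communitycontroller"

# Constructed sample log, not real traffic (client IPs are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-06-26 10:01:02 10.0.0.5 GET / - 443 admin 10.0.0.20 Mozilla/5.0 200
2024-06-26 10:02:10 10.0.0.5 POST /APM/Areas/APM/Controllers/CommunityController - 443 - 203.0.113.7 curl/8.0 200
2024-06-26 10:02:11 10.0.0.5 POST /APM/Areas/APM/Controllers/CommunityController - 443 - 203.0.113.7 curl/8.0 500
2024-06-26 10:05:00 10.0.0.5 GET /apm/areas/apm/controllers/communitycontroller - 443 - 198.51.100.9 - 404
"""


def find_anonymous_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for
    unauthenticated requests whose path mentions the controller."""
    fields, hits = [], defaultdict(list)
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The directive can reappear mid-file after an IIS restart,
            # so the column order is re-read every time it is seen.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if MARKER not in row.get("cs-uri-stem", "").lower():
            continue
        if row.get("cs-username", "-") != "-":
            continue  # authenticated session, out of scope for this pre-auth flaw
        stamp = f"{row.get('date', '?')} {row.get('time', '?')}"
        hits[row.get("c-ip", "?")].append(
            (stamp, row.get("cs-method"), row.get("sc-status")))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_anonymous_hits(SAMPLE_LOG.splitlines()).items():
        print(ip, len(events), events)
```

Run it against the site's own log files by passing an open file handle instead of the sample; any client IP it returns on a server that was running 2023.1.0 through 2023.1.2 warrants a closer look.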
Update WhatsUp Gold to version 2023.1.3 or later. This update fixes the remote code execution vulnerability by restricting unauthorized file uploads. See the Progress security bulletin for more details and update instructions.
CVE-2024-4884 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2, allowing unauthenticated attackers to execute commands.
You are affected if you are running WhatsUp Gold versions 2023.1.0 through 2023.1.2. Immediately check your version and upgrade if necessary.
Upgrade to WhatsUp Gold version 2023.1.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the Progress WhatsUp Gold security advisory for detailed information and updates: [https://www.progress.com/security-advisories/psa-20240625-01](https://www.progress.com/security-advisories/psa-20240625-01)