Platform: windows
Component: whatsup-gold
Fixed version: 2023.1.3
CVE-2024-4884 describes a critical Remote Code Execution (RCE) vulnerability discovered in WhatsUp Gold, a network monitoring and management platform. This flaw allows an unauthenticated attacker to execute arbitrary commands on the affected system, potentially leading to complete system compromise. The vulnerability impacts versions 2023.1.0 through 2023.1.2, and a patch is available in version 2023.1.3.
The impact of CVE-2024-4884 is severe. Successful exploitation allows an attacker to execute commands with the privileges of the iisapppool\nmconsole account. This grants them significant control over the system hosting WhatsUp Gold, potentially enabling them to install malware, steal sensitive data (network configurations, monitoring data, credentials), modify system settings, and even pivot to other systems within the network. Given WhatsUp Gold's role in network monitoring, an attacker could gain a comprehensive view of the network topology and identify other valuable targets. The lack of authentication required for exploitation significantly broadens the attack surface.
CVE-2024-4884 was publicly disclosed on June 25, 2024. The vulnerability is considered highly exploitable due to the lack of authentication and the availability of a relatively straightforward attack vector. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The CVSS score of 9.8 indicates a critical severity and a high probability of exploitation. It has not yet been added to the CISA KEV catalog as of this writing.
Organizations heavily reliant on WhatsUp Gold for network monitoring and management are at significant risk. This includes businesses of all sizes, particularly those with limited security resources or those who have not diligently applied security patches. Shared hosting environments where multiple customers share the same server instance are also at increased risk, as a compromise of one customer's WhatsUp Gold instance could potentially lead to the compromise of others.
• windows / supply-chain:
Get-Process -Name 'wupgold' | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='WhatsUp Gold']]]" | Select-Object -First 10
• generic web:
curl -I https://<your_wupgold_server>/APM/Areas/APM/Controllers/CommunityController
• generic web:
grep -iF 'iisapppool\nmconsole' /var/log/apache2/error.log # -F treats the backslash literally; or equivalent access/error log path
Exploitation status
EPSS
55.49% (98th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-4884 is to immediately upgrade to WhatsUp Gold version 2023.1.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the WhatsUp Gold server, particularly from untrusted sources. Review firewall rules to ensure only necessary ports are open. Monitor system logs for suspicious activity related to the Apm.UI.Areas.APM.Controllers.CommunityController endpoint. While a WAF may offer some protection, it is not a substitute for patching.
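The log monitoring suggested above can be sketched as follows. This is an added example, not code from Progress or from this page. It assumes IIS W3C logs with a `#Fields:` header, and the marker string `CommunityController` is taken from this page; confirm the actual request path on your installation. The sample log lines and the function name are constructed for illustration.

```python
"""Flag unauthenticated requests that reference CommunityController in IIS W3C logs."""

# Constructed sample log (not real traffic); client addresses use documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-06-26 10:01:02 10.0.0.5 GET /login - 443 CORP\\alice 10.0.0.20 Mozilla/5.0 200
2024-06-26 10:03:11 10.0.0.5 POST /APM/Areas/APM/Controllers/CommunityController - 443 - 203.0.113.7 curl/8.4.0 200
2024-06-26 10:04:40 10.0.0.5 POST /APM/Areas/APM/Controllers/CommunityController - 443 CORP\\bob 10.0.0.21 Mozilla/5.0 200
2024-06-26 10:05:00 10.0.0.5 HEAD /apm/areas/apm/controllers/communitycontroller - 443 - 203.0.113.7 curl/8.4.0 404
2024-06-26 10:05:01 truncated-record
"""

REPORT_FIELDS = ("date", "time", "c-ip", "cs-method", "cs-uri-stem", "sc-status")


def find_suspect_requests(lines, marker="CommunityController"):
    """Return records whose URI contains `marker` and carry no authenticated user."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lower case.
        if marker.lower() not in rec.get("cs-uri-stem", "").lower():
            continue
        # "-" means no authenticated user; a missing column is treated the same way.
        if rec.get("cs-username", "-") != "-":
            continue
        hits.append({k: rec.get(k, "-") for k in REPORT_FIELDS})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG.splitlines()):
        print(" ".join(hit[k] for k in REPORT_FIELDS))
```

To scan a real log, pass an open file object in place of the sample lines; hits from addresses outside your management network deserve the first look.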
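Update WhatsUp Gold to version 2023.1.3 or later. This update fixes the remote code execution vulnerability by restricting unauthorized file uploads. See the Progress security advisory for more details and upgrade instructions.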
CVE-2024-4884 is a critical Remote Code Execution vulnerability in WhatsUp Gold versions 2023.1.0–2023.1.2, allowing unauthenticated attackers to execute commands.
You are affected if you are running WhatsUp Gold versions 2023.1.0 through 2023.1.2. Immediately check your version and upgrade if necessary.
Upgrade to WhatsUp Gold version 2023.1.3 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary network restrictions.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the Progress WhatsUp Gold security advisory for detailed information and updates: [https://www.progress.com/security-advisories/psa-20240625-01](https://www.progress.com/security-advisories/psa-20240625-01)