https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 <br/></td> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"/>https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 <br/></td> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2024-4884

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Jun 25, 2024 / Updated: 4mo ago

010
CVSS 9.8EPSS 0.04%Critical
CVE info copied to clipboard

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommunityController class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account.

Impact

This vulnerability has a CVSS v3.1 base score of 9.8 out of 10, categorized as HIGH severity. It allows for remote code execution without requiring authentication or user interaction. The attack vector is through the network with low attack complexity. If exploited, it can lead to a complete compromise of system confidentiality, integrity, and availability. Attackers can execute arbitrary commands with iisapppool\nmconsole privileges, potentially resulting in full system compromise, data theft, service disruption, and use of the affected system as a launch point for further attacks.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

Progress Software has issued an update to correct this vulnerability. The vulnerability has been addressed in WhatsUp Gold version 2023.1.3 and later.

Mitigation

1. Immediate patching: Update WhatsUp Gold to version 2023.1.3 or later as soon as possible. 2. Network segmentation: Restrict network access to the WhatsUp Gold application, especially from untrusted networks. 3. Implement strong access controls: Even though the vulnerability is exploitable without authentication, implementing robust authentication and authorization mechanisms can help limit potential damage. 4. Monitor for suspicious activities: Implement and monitor logs for any unusual command executions or network activities related to the WhatsUp Gold application. 5. Apply the principle of least privilege: Ensure that the application and its components run with the minimum necessary privileges. 6. Regular security assessments: Conduct frequent vulnerability scans and penetration tests to identify and address potential security issues promptly.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-4884

Jun 25, 2024 at 8:15 PM
First Article

Feedly found the first article mentioning CVE-2024-4884. See article

Jun 25, 2024 at 8:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 25, 2024 at 8:24 PM
Trending

This CVE started to trend in security discussions

Jun 25, 2024 at 10:55 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Jun 26, 2024 at 10:03 AM
Trending

This CVE stopped trending in security discussions

Jun 27, 2024 at 8:44 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (205145)

Aug 7, 2024 at 9:16 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380292)

Aug 8, 2024 at 7:53 AM
Static CVE Timeline Graph

Affected Systems

Progress/whatsup_gold
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-894/
+null more

Patches

community.progress.com
+null more

Attack Patterns

CAPEC-136: LDAP Injection
+null more

Vendor Advisory

ZDI-24-894: Progress Software WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Progress Software has issued an update to correct this vulnerability.

References

Critical Vulnerabilities in Progress WhatsUp Gold, Jenkins Could Lead to RCE Attacks (CVE-2024-4885, CVE-2024-43044)
These three vulnerabilities can also lead to Remote Code Execution (RCE) in Progress WhatsUp Gold. Additionally, the popular automation server Jenkins has patched an RCE vulnerability in its latest security update.
Critical Vulnerabilities in Progress WhatsUp Gold, Jenkins Could Lead to RCE Attacks (CVE-2024-4885, CVE-2024-43044)
These three vulnerabilities can also lead to Remote Code Execution (RCE) in Progress WhatsUp Gold. Additionally, the popular automation server Jenkins has patched an RCE vulnerability in its latest security update.

News

Critical Security Flaw In WhatsUp Gold Under Active Attack - Patch Now
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. WhatsUp Gold version 2023.1.3 addresses two more critical flaws CVE-2024-4883 and CVE-2024-4884 (CVSS scores: 9.8), both of which also enable unauthenticated remote code execution through NmApi.exe and Apm.UI.Areas.APM.Controllers.CommunityController, respectively.
Critical Security Flaw in WhatsUp Gold Under Active Attack
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
Ankura CTIX FLASH Update - August 9, 2024 - Lexology
Researchers at Quorum Cyber have recently published a post regarding a new Remote Access Tool (RAT) linked to ransomware gang Hunters International. Hunters International is spreading their initial access malware by mimicking well-known networking tools in the hopes of compromising IT workers at organizations who tend to have elevated privileges.
Critical Vulnerabilities in Progress WhatsUp Gold, Jenkins Could Lead to RCE Attacks (CVE-2024-4885, CVE-2024-43044)
These three vulnerabilities can also lead to Remote Code Execution (RCE) in Progress WhatsUp Gold. Additionally, the popular automation server Jenkins has patched an RCE vulnerability in its latest security update.
Critical Vulnerabilities in Progress WhatsUp Gold, Jenkins Could Lead to RCE Attacks (CVE-2024-4885, CVE-2024-43044)
These three vulnerabilities can also lead to Remote Code Execution (RCE) in Progress WhatsUp Gold. Additionally, the popular automation server Jenkins has patched an RCE vulnerability in its latest security update.
See 30 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI