Critical Security Flaw in WhatsUp Gold
A critical security flaw has been identified in the network monitoring software Progress Software WhatsUp Gold, prompting immediate action from users. The vulnerability, tracked as CVE-2024-4885, carries a severity score of 9.8 out of 10. It allows unauthenticated attackers to execute code remotely and affects all versions released before 2023.1.3.
The company disclosed that the issue resides in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, which permits command execution with elevated privileges. According to a security advisory from June 2024, the flaw requires urgent attention.
Exploitation Attempts Reported
Security researcher Sina Kheirkhah has pointed out that the flaw stems from inadequate validation of user-supplied paths in the GetFileWithoutZip method. Successful exploitation gives an attacker code execution in the context of the service account. A proof-of-concept (PoC) exploit has been released, and the Shadowserver Foundation has tracked exploitation attempts since August 2024.
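The root cause described above, insufficient validation of a user-supplied path before it is used to fetch a file, is a general pattern, so the following added example (illustrative code written for this article, not WhatsUp Gold's or Progress Software's own code) shows the defective join-and-trust pattern next to a hardened resolver. The export directory, the sample inputs and the `escape` symlink are all constructed for the demonstration; the hardened version rejects absolute paths, drive letters and `..` segments lexically, then re-checks the fully resolved path so a symlink inside the base directory cannot lead outside it.

```python
"""
Safe resolution of a user-supplied relative path beneath a fixed export
directory. Added illustrative code, not from WhatsUp Gold or Progress
Software; the directory names and sample inputs below are constructed.
"""
import os
import tempfile
from pathlib import Path


class PathOutsideBaseError(ValueError):
    """Raised when a user-supplied path would escape the export directory."""


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    # The defective pattern: join and trust. "../" segments, absolute paths
    # and drive letters all let the caller pick any file on the host.
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Return the absolute path under base_dir, or raise PathOutsideBaseError.

    The check operates on the already URL-decoded path, so it belongs after
    the web layer has decoded sequences such as %2e%2e.
    """
    base = Path(base_dir).resolve()
    # The product runs on Windows, so treat backslashes as separators too.
    normalized = user_path.replace("\\", "/")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    # Lexical checks: no absolute path, no drive letter, no parent reference.
    if normalized.startswith("/") or ".." in parts or (parts and ":" in parts[0]):
        raise PathOutsideBaseError(user_path)
    candidate = base.joinpath(*parts).resolve()
    # Second check after resolving symlinks: the lexical rules cannot see a
    # link inside base_dir that points outside it.
    if candidate != base and base not in candidate.parents:
        raise PathOutsideBaseError(user_path)
    return candidate


def classify(base_dir: str, user_paths: list[str]) -> dict[str, bool]:
    """Map each candidate path to True (would be served) or False (rejected)."""
    result = {}
    for p in user_paths:
        try:
            safe_resolve(base_dir, p)
            result[p] = True
        except PathOutsideBaseError:
            result[p] = False
    return result


def demo() -> dict[str, bool]:
    """Exercise the check against constructed inputs in a scratch directory."""
    base = tempfile.mkdtemp(prefix="export-")
    samples = [
        "reports/daily.csv",
        "./reports/./daily.csv",
        "../../etc/passwd",
        "reports/../../../etc/passwd",
        "..\\..\\Windows\\win.ini",
        "/etc/passwd",
        "C:\\Windows\\win.ini",
    ]
    try:
        # A symlink inside the export directory pointing at the filesystem root.
        os.symlink("/", os.path.join(base, "escape"))
        samples.append("escape/etc/passwd")
    except OSError:
        pass  # symlink creation may be disallowed here; skip that case
    return classify(base, samples)


if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{'serve ' if ok else 'reject'}  {path!r}")
```

The two-stage check matters: a purely lexical filter misses the symlink case, while a check that only compares resolved paths is easy to get wrong with string prefixes (for example `/srv/export` versus `/srv/export-old`), which is why the comparison above uses `Path.parents` rather than `startswith`.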
Additional Vulnerabilities Addressed
The recent software update, WhatsUp Gold version 2023.1.3, also fixes two other critical vulnerabilities, CVE-2024-4883 and CVE-2024-4884, both with the same severity score of 9.8. These flaws could likewise lead to unauthenticated remote code execution.
Furthermore, the release fixes a high-severity issue, CVE-2024-5009, which previously allowed local attackers to escalate privileges by abusing the SetAdminPassword feature.
Mitigation Recommendations
Because Progress Software vulnerabilities are frequently targeted by threat actors, system administrators should apply the latest patches promptly. Additionally, restricting network access to the WhatsUp Gold server to trusted IP addresses reduces exposure and helps protect systems against unauthorized access.