Summary
A number of security vulnerabilities, including 3 with a severity of “critical,” have been detected in Progress’ WhatsUp Gold, a software product for monitoring IT infrastructure.
Notes (updated 07/08/2024): a Proof of Concept (PoC) for the exploitation of CVE-2024-5008 is available online.
Notes (updated 15/07/2024): Proofs of Concept (PoC) for the exploitation of CVE-2024-5009, CVE-2024-4883, and CVE-2024-4885 are available online.
Notes: CVE-2024-4885 is actively being exploited online.
Risk
Estimate of the vulnerability’s impact on the target community: High (68.97)
Type
- Arbitrary File Write
- Denial of Service
- Information Disclosure
- Privilege Escalation
- Remote Code Execution
Affected Products and Versions
Progress WhatsUp Gold, version 23.1.2 and earlier
Mitigation Actions
In line with the vendor’s statements, it is recommended to update vulnerable products by following the guidance in the security bulletin listed in the References section.
Only the CVEs for vulnerabilities with severity “critical” and “high” are listed below.
CVE | |
---|---|
CVE-2024-4885 | CVE-2024-5012 |
CVE-2024-5008 | CVE-2024-5013 |
CVE-2024-5009 | CVE-2024-5014 |
CVE-2024-5010 | CVE-2024-5015 |
CVE-2024-5011 | CVE-2024-5016 |
References
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
1 This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.