CVE-2024-4885 Progress WhatsUp Gold Path Traversal Vulnerability

​CVE-2024-4885 is a critical security vulnerability identified in Progress Software’s network monitoring solution, WhatsUp Gold, affecting versions released before 2023.1.3. This vulnerability allows unauthenticated remote code execution (RCE), enabling attackers to execute arbitrary commands on the affected system without prior authentication. The flaw resides in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, which can be exploited to run commands with the privileges of the iisapppool\nmconsole user. ​

What is Vulnerable to CVE-2024-4885

All versions of WhatsUp Gold released before 2023.1.3 are susceptible to this vulnerability. Organizations utilizing these versions are at significant risk, as the vulnerability can be exploited remotely without authentication. ​

Mitigation and Remediation for CVE-2024-4885

To mitigate the risks associated with CVE-2024-4885, it is imperative to upgrade WhatsUp Gold to version 2023.1.3 or later. Progress Software has addressed this vulnerability in the 2023.1.3 release, and detailed information is available in their June 2024 security bulletin. ​

Impact of Successful Exploitation of CVE-2024-4885

Exploiting CVE-2024-4885 can have severe consequences, including:​

• Complete System Compromise: Attackers can execute arbitrary code, potentially leading to full control over the affected system.​

• Data Theft: Unauthorized access to sensitive information stored on the compromised system.​

• Service Disruption: Interruption of network monitoring services, impacting the organization’s ability to oversee its IT infrastructure.​

Given the critical nature of this vulnerability, it has been actively exploited in the wild, underscoring the urgency for immediate remediation. ​

Proof of Concept for CVE-2024-4885

A proof-of-concept (PoC) exploit for CVE-2024-4885 has been publicly disclosed. Security researcher Sina Kheirkhah (@SinSinology) of SummoningTeam published an exploit demonstrating how the vulnerability can be leveraged to achieve remote code execution. The PoC is available on GitHub and includes technical analysis and exploitation details. ​

Organizations using vulnerable versions of WhatsUp Gold are strongly advised to apply the necessary patches immediately to mitigate potential risks.