CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-4885

CVSS 9.8v3.1pub. 2024-06-25upd. 2025-10-31

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

🤖 AI Analysis
How it works

The vulnerability exists in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, which does not properly validate file paths provided by users (CWE-22, path traversal). An attacker without any privileges can use a crafted network request to invoke this function and trigger arbitrary system commands. The commands are executed in the context of the iisapppool\nmconsole service account, giving the attacker a foothold on the server operating system.

Impact

An attacker can remotely execute arbitrary code on the server without authentication, leading to complete system compromise, data theft, and potential lateral movement within the internal network.

Mitigation & patch

Progress WhatsUp Gold must be immediately updated to version 2023.1.3 or later. Detailed information is available in the vendor's security bulletin: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Who is affected

Progress WhatsUp Gold in all versions released before 2023.1.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Whatsup Gold

    APP
    Progress
    < 23.1.3

CISA KEV — detailsi

Vendori
Progress
Producti
WhatsUp Gold
Added to KEVi
March 3, 2025
Remediation deadline (US Federal)i
March 24, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 marca 2025
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2024-6670CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SQL Injection w Progress WhatsUp Gold — kradzież zaszyfrowanych haseł

CVE-2024-12106CRITICAL9.4PL ✓ten sam produkt

Progress WhatsUp Gold — nieautoryzowana konfiguracja ustawień LDAP

CVE-2024-12108CRITICAL9.6PL ✓ten sam produkt

Progress WhatsUp Gold — nieautoryzowany dostęp do serwera przez publiczne API

CVE-2024-46909CRITICAL9.8PL ✓ten sam produkt

Zdalne wykonanie kodu w Progress WhatsUp Gold (RCE bez uwierzytelnienia)

CVE-2024-8785CRITICAL9.8PL ✓ten sam produkt

Progress WhatsUp Gold – nieautoryzowana modyfikacja rejestru Windows przez NmAPI.exe