WARNING: MULTIPLE CRITICAL RCE VULNERABILITY IN PROGRESS WHATSUP GOLD, PATCH IMMEDIATELY!
CVE-2024-4883 :CVSS 9.8(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-4884 :CVSS 9.8(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-4885 :CVSS 9.8(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-5008 :CVSS 8.8(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
Risks
Multiple vulnerabilities leading to unauthenticated Remote Code Execution (RCE) were discovered in Progress WhatsUp Gold. These vulnerabilities could allow an attacker without valid credentials to execute malicious code on the systems. Exploitation of these vulnerabilities could lead to a complete compromise of your environment, data exfiltration and ransomware deployment.
Description
CVE-2024-4883: An unauthenticated attacker could get RCE as a service account through NmApi.exe.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.