
WARNING: MULTIPLE CRITICAL RCE VULNERABILITIES IN PROGRESS WHATSUP GOLD, PATCH IMMEDIATELY!

Reference: Advisory #2024-97
Version: 1.0
Affected software: Progress WhatsUp Gold 23.1.2 and older
Type: Remote Code Execution (RCE)
CVE/CVSS:

CVE-2024-4883: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-4884: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-4885: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-5008: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Risks

Multiple vulnerabilities leading to unauthenticated Remote Code Execution (RCE) were discovered in
Progress WhatsUp Gold. These vulnerabilities could allow an attacker without valid credentials to
execute malicious code on the systems. Exploitation of these vulnerabilities could lead to a complete
compromise of your environment, data exfiltration and ransomware deployment.

Description

CVE-2024-4883: An unauthenticated attacker could get RCE as a service account through NmApi.exe.

CVE-2024-4884: An unauthenticated attacker could get RCE using Apm.UI.Areas.APM.Controllers.CommunityController, executing commands with iisapppool\nmconsole privileges.

CVE-2024-4885: An unauthenticated attacker could get RCE using WhatsUp.ExportUtilities.Export.GetFileWithoutZip, executing commands with iisapppool\nmconsole privileges.

CVE-2024-5008: An authenticated user with the necessary permissions can upload an arbitrary file and get RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

Remark: Progress has fixed other vulnerabilities detailed in their advisory. These are: CVE-2024-5009, CVE-2024-5010, CVE-2024-5011, CVE-2024-5012, CVE-2024-5013, CVE-2024-5014, CVE-2024-5015, CVE-2024-5016, CVE-2024-5017, CVE-2024-5018, CVE-2024-5019.

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
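To support that prioritisation, the following added triage helper (not part of the CCB advisory or of Progress's tooling) flags any WhatsUp Gold install reported as 23.1.2 or older, comparing version components numerically so that 23.1.10 is correctly treated as newer than 23.1.2. The inventory hostnames and versions are constructed for illustration; how you collect the installed version is left to your own asset inventory.

```python
"""Triage helper: flag WhatsUp Gold installs at or below 23.1.2 as affected."""
from typing import Iterable

# Highest affected release per the advisory: 23.1.2 and older are vulnerable.
MAX_AFFECTED_VERSION = (23, 1, 2)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '23.1.2' into a comparable int tuple.

    Numeric comparison avoids the string-compare pitfall where '23.1.10'
    would sort before '23.1.2' and be wrongly flagged as affected.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the install is 23.1.2 or older, i.e. in scope for this advisory."""
    v = parse_version(version)
    # Pad short strings so '23.1' compares as 23.1.0; components beyond
    # major.minor.patch are ignored (assumption: they denote the same release).
    v = v + (0,) * (3 - len(v))
    return v[:3] <= MAX_AFFECTED_VERSION


def triage(inventory: Iterable[tuple[str, str]]) -> list[str]:
    """Return hostnames still running an affected version, oldest version first."""
    affected = [(parse_version(ver), host) for host, ver in inventory if is_affected(ver)]
    return [host for _, host in sorted(affected)]


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("wug-prod-01", "23.1.2"),
    ("wug-prod-02", "23.1.3"),
    ("wug-lab-01", "22.1.0"),
    ("wug-dr-01", "23.1.10"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"PATCH NOW: {host}")
```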

Monitor/Detect
The CCB recommends organizations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.