A critical security flaw affecting Progress Software’s WhatsUp Gold is seeing active exploit attempts, making it important for users to quickly deploy the latest version.
The vulnerability in question CVE-2024-4885 (CVSS Score: 9.8), an unauthenticated remote code execution bug affecting versions of the network monitoring application released prior to 2023.1.3.
“WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows you to execute commands with iisapppool\\nmconsole privileges,” the company said in a statement. said in a recommendation published at the end of June 2024.
According to security researcher Sina Heirkha of the Summoning Team, the flaw lives in the implementation of the GetFileWithoutZip method, which fails to perform adequate validation of user-supplied paths before using it.
An attacker could take advantage of this behavior to execute code in the context of a service account. Kheirkhah has since released a proof-of-concept (PoC) exploit.
The Shadowserver Foundation said it has observed attempts to exploit the flaw since August 1, 2024. “Since August 1, we have seen /NmAPI/RecurringReport CVE-2024-4885 attempts to exploit the callback (6 src IPs so far),” it said in a message on X.
WhatsUp Gold version 2023.1.3 fixes two more critical flaws CVE-2024-4883 and CVE-2024-4884 (CVSS scores: 9.8), both of which also allow unauthenticated remote code execution via NmApi.exe and Apm.UI.Areas.APM.Controllers.CommunityController, respectively.
Progress Software also addresses the high-severity privilege escalation issue (CVE-2024-5009CVSS score: 8.4), which allows local attackers to elevate their privileges on affected installations by using the SetAdminPassword method.
Due to vulnerabilities in Progress Software regularly exploited by threat actors for malicious purposes, it is critical that administrators apply the latest security updates and allow traffic only from trusted IP addresses to reduce potential threats.
