Progress WhatsUp Gold critical flaw actively attacked
Take action: If you are using Progress WhatsUp Gold, update it ASAP. Alternatively, block the entire service from the internet, or at least ports 9642 and 9643. Patching is the better option, because someone will eventually find a way into your network.
Multiple vulnerabilities have been discovered in the current version 23.1.2 and all older releases of WhatsUp Gold. These vulnerabilities potentially allow attackers unauthorized access to root accounts.
Attack attempts have been noted on the critical flaws:
- A PoC exploit has been published for CVE-2024-4885.
- Shadowserver Foundation threat monitoring reports that the attempts started on August 1, 2024, coming from six distinct IP addresses.
Critical Vulnerabilities:
- CVE-2024-4883 (CVSS score 9.8) - A remote code execution (RCE) vulnerability in Progress WhatsUp Gold, allowing unauthenticated attackers to execute code as a service account via NmApi.exe.
- CVE-2024-4884 (CVSS score 9.8) - An unauthenticated RCE vulnerability through the CommunityController in the APM area, permitting command execution with iisapppool\nmconsole privileges.
- CVE-2024-4885 (CVSS score 9.8) - An unauthenticated RCE vulnerability via ExportUtilities.Export.GetFileWithoutZip, allowing command execution with iisapppool\nmconsole privileges.
The full list of reported vulnerabilities is available in the vendor advisory.
Although there is no evidence of successful exploitation, administrators are advised to upgrade to the latest version, WhatsUp Gold 23.1.3:
- Direct upgrades to WhatsUp Gold 23.1.3 are supported from version 20.0.2 and newer.
- For missing installers, contact Customer Support for assistance.
As a mitigating measure, implement firewall rules that restrict access on ports 9642 and 9643 to trusted IP addresses.
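One way to apply that restriction on the WhatsUp Gold host itself, as an added example that is not from the vendor advisory. It assumes the host firewall is Windows Defender Firewall and that the ports are TCP; the trusted addresses and the rule name are constructed placeholders.

```powershell
# Added example; addresses and rule name are constructed placeholders.
$TrustedSources = @('10.0.10.0/24', '192.168.50.15')    # assumption: your management hosts
$Ports          = 9642, 9643                            # ports named in the advisory
$RuleName       = 'WhatsUp Gold 9642-9643 trusted only' # hypothetical display name

# True when a firewall LocalPort value ('Any', '9643', '9000-9999') covers $Port.
function Test-PortCovered([string]$Spec, [int]$Port) {
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return (($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2]))
    }
    return ($Spec -eq "$Port")
}

# 1. Show the default inbound action per profile. If it is Allow, scoped allow
#    rules restrict nothing and the profile default has to be fixed first.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Audit: enabled inbound allow rules that cover either port from any remote
#    address. Allow rules are additive, so one broad rule defeats step 3.
$broad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }
    if ($af.RemoteAddress -notcontains 'Any') { continue }
    $hit = $Ports | Where-Object { $p = $_; $pf.LocalPort | Where-Object { Test-PortCovered $_ $p } }
    if ($hit) {
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            LocalPort = $pf.LocalPort -join ','
            Covers    = $hit -join ','
        }
    }
}
$broad | Format-Table -AutoSize   # review, then narrow or disable each rule listed

# 3. Add the scoped allow rule once. Do not pair it with a block rule for the
#    same ports: in Windows Firewall a block rule overrides allow rules.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Ports -RemoteAddress $TrustedSources -Profile Any
}
```

Run it from an elevated PowerShell session. The audit in step 2 only reports; rules it lists still have to be scoped or disabled before the restriction takes effect.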