TLDR:
Key points:
- Critical security flaw in WhatsUp Gold (CVE-2024-4885) is actively being exploited
- Patch for the vulnerability is available in version 2023.1.3
In a recent advisory, Progress Software highlighted a critical security flaw (CVE-2024-4885) in WhatsUp Gold that allows unauthenticated remote code execution and has been actively exploited by threat actors. The flaw resides in the GetFileWithoutZip method and enables attackers to execute code with elevated privileges. Security researcher Sina Kheirkhah has released a PoC exploit, and the Shadowserver Foundation has observed confirmed exploitation attempts since August 1, 2024. Additionally, WhatsUp Gold version 2023.1.3 addresses two more critical flaws (CVE-2024-4883 and CVE-2024-4884) that also enable remote code execution.
Progress Software has also patched a high-severity privilege escalation issue (CVE-2024-5009) that allows local attackers to elevate their privileges on affected installations. Because Progress Software flaws have a history of being exploited by malicious actors, it is crucial for admins to apply the latest security updates and restrict traffic to trusted IPs to mitigate potential threats.
Admins are urged to promptly apply the latest security updates released by Progress Software to protect their systems from potential exploitation. The company has addressed multiple critical flaws, including the actively exploited CVE-2024-4885, to prevent unauthorized remote code execution and privilege escalation on WhatsUp Gold installations.