CVE-2024-4885:
Unauthenticated remote code execution vulnerability in Progress WhatsUp Gold (CVE-2024-4885) affecting versions prior to 2023.1.3 via the API endpoint GetFileWithoutZip, allowing arbitrary command execution with IIS application pool privileges.
Score
- CVSS Score: 9.8 (Critical)
- Published Date: Jun 25, 2024
- CISA KEV Date: Mar 3, 2025
- Industries Affected: 20
Threat Predictions
- EPSS Score: 94.2% (estimated probability of exploitation in the wild within the next 30 days)
- EPSS Percentile: 100%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
This vulnerability is a critical (CVSS 9.8), unauthenticated remote code execution flaw in Progress WhatsUp Gold on Windows, caused by a directory traversal in the GetFileWithoutZip functionality of the product's API. An attacker can reach it over the network without credentials and execute arbitrary commands with the privileges of the IIS application pool identity, which can be leveraged to take complete control of the affected host. The flaw maps to CWE-22 (Path Traversal), requires no user interaction, and has a critical impact on confidentiality, integrity, and availability. CISA added it to the Known Exploited Vulnerabilities catalog on Mar 3, 2025, so exploitation in the wild has been confirmed.
Remediation
- Upgrade WhatsUp Gold to version 2023.1.3 or later as soon as possible; all earlier versions are affected, and the fix blocks the GetFileWithoutZip path traversal that enables RCE.
- Apply the vendor security bulletin and follow the vendor's guidance for remediation and testing after patching.
- If an immediate upgrade is not feasible, implement compensating controls:
  - Restrict network access to the WhatsUp Gold web and API interface with firewalls or network ACLs (allow only trusted hosts). Because the flaw is reachable without credentials, exposure to the internet or to untrusted internal segments is the main risk.
  - Place WhatsUp Gold behind a VPN or require strong authentication in front of the API, if possible.
  - Deploy a web application firewall or intrusion prevention system with rules to detect and block directory traversal patterns in requests to the API endpoint, including URL-encoded and double-encoded forms.
- Ensure the hosting Windows environment has the latest security updates, and run the IIS application pool under a dedicated least-privilege identity so that a successful exploit does not directly yield administrative access.
- Monitor IIS logs for anomalous requests targeting the API endpoint (especially GetFileWithoutZip requests from unexpected source addresses or carrying traversal sequences) and conduct targeted security testing.
- After applying fixes, verify remediation by confirming the installed version is 2023.1.3 or later and by testing that the GetFileWithoutZip functionality can no longer be abused to execute arbitrary commands; review vendor guidance for validated testing steps.
- Maintain an asset inventory and ongoing monitoring to ensure no other WhatsUp Gold instances or components remain unpatched, and to keep platforms up to date.
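The monitoring and WAF bullets above both reduce to one check: does a request to the GetFileWithoutZip handler carry a directory traversal sequence, in plain, URL-encoded or double-encoded form? The following is an added example, not code from Progress, Armis or the advisory. It parses a constructed IIS W3C log excerpt (the route prefix `/api/` and the query parameter name `file` are placeholders, not the product's real route, which the advisory does not give) and flags the lines that match that pattern, so the same logic can be run over real `u_ex*.log` files or ported into a SIEM rule.

```python
"""Flag IIS W3C log lines that request GetFileWithoutZip with a traversal sequence.

Added example for CVE-2024-4885 detection; not vendor code. Assumptions, labelled:
  * the handler name "GetFileWithoutZip" appears in cs-uri-stem; the "/api/"
    prefix and the "file=" query parameter below are constructed placeholders;
  * the log uses IIS W3C format with a #Fields header (the default IIS layout).
"""
from __future__ import annotations

import re
import urllib.parse

# Constructed sample log excerpt (not real traffic). 203.0.113.0/24 is a
# documentation range used here for the "attacker".
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-07-01 10:00:01 10.0.0.5 GET /Dashboard.aspx - 443 - 10.0.0.20 Mozilla/5.0 200
2024-07-01 10:00:07 10.0.0.5 GET /api/GetFileWithoutZip file=../../../../Windows/win.ini 443 - 203.0.113.9 python-requests/2.31 200
2024-07-01 10:00:09 10.0.0.5 GET /api/GetFileWithoutZip file=%252e%252e%255c%252e%252e%255cfoo.txt 443 - 203.0.113.9 python-requests/2.31 200
2024-07-01 10:00:12 10.0.0.5 GET /api/GetFileWithoutZip file=report.csv 443 admin 10.0.0.21 Mozilla/5.0 200
"""


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (catches double encoding),
    then fold backslashes to forward slashes so Windows-style traversal is
    treated the same as the POSIX form."""
    current = value
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def has_traversal(value: str) -> bool:
    """True if any path or parameter segment of the decoded value is '..'."""
    segments = re.split(r"[/=&?]", fully_decode(value))
    return any(segment == ".." for segment in segments)


def parse_w3c(text: str) -> list[dict[str, str]]:
    """Parse IIS W3C log text into one dict per request line, keyed by the
    field names declared in the most recent #Fields header."""
    fields: list[str] | None = None
    rows: list[dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("log has no #Fields header before the first record")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record; skip rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def find_getfilewithoutzip_traversal(text: str) -> list[dict[str, str]]:
    """Return the log records that hit GetFileWithoutZip with a traversal
    sequence in either the URI stem or the query string."""
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        if "getfilewithoutzip" not in stem.lower():
            continue
        if has_traversal(stem) or (query != "-" and has_traversal(query)):
            hits.append(row)
    return hits


if __name__ == "__main__":
    for hit in find_getfilewithoutzip_traversal(SAMPLE_LOG):
        print(f"{hit['date']} {hit['time']} src={hit['c-ip']} "
              f"{hit['cs-uri-stem']}?{hit['cs-uri-query']} status={hit['sc-status']}")
```

On the sample, the two requests from 203.0.113.9 are flagged (the plain `../` form and the double-encoded `%252e%252e%255c` form, which decodes to `..\..\`), while the legitimate `file=report.csv` request and the unrelated dashboard hit are not. A 200 status on a flagged line after patching is the signal that deserves an incident ticket rather than a tuning note.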
References
- Progress WhatsUp Gold Security Bulletin - June 2024: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
- Progress Network Monitoring (WhatsUp Gold) product page: https://www.progress.com/network-monitoring
- CVE-2024-4885 entry (MITRE): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4885
- CISA Known Exploited Vulnerabilities JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date: Jul 23, 2024
- CISA KEV Date: Mar 3, 2025
- Days Early: 251 Days (counted from the Jun 25, 2024 publication date to the KEV date; the interval from the Armis alert date to the KEV date is 223 days)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.