
Critical Security Flaw in WhatsUp Gold Under Active Attack

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest.

The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

“The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges,” the company said in an advisory released in late June 2024.


According to security researcher Sina Kheirkhah of the Summoning Team, the flaw resides in the implementation of the GetFileWithoutZip method, which fails to perform adequate validation of user-supplied paths prior to its use.

An attacker could take advantage of this behavior to execute code in the context of the service account. A proof-of-concept (PoC) exploit has since been released by Kheirkhah.

The Shadowserver Foundation said it has observed exploitation attempts against the flaw since August 1, 2024. “Beginning Aug 1st, we see /NmAPI/RecurringReport CVE-2024-4885 exploitation callback attempts (up to now 6 src IPs),” it said in a post on X.


WhatsUp Gold version 2023.1.3 addresses two more critical flaws, CVE-2024-4883 and CVE-2024-4884 (CVSS scores: 9.8), both of which also enable unauthenticated remote code execution through NmApi.exe and Apm.UI.Areas.APM.Controllers.CommunityController, respectively.


Also addressed by Progress Software is a high-severity privilege escalation issue (CVE-2024-5009, CVSS score: 8.4) that allows local attackers to elevate their privileges on affected installations by taking advantage of the SetAdminPassword method.

With flaws in Progress Software regularly being abused by threat actors for malicious purposes, it's essential that admins apply the latest security updates and allow traffic only from trusted IP addresses to mitigate potential threats.
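To check whether the trusted-IP restriction is actually holding, an admin can review the web server logs for requests to the /NmAPI/RecurringReport path named in the Shadowserver report. The following is an added example, not code from Progress, Shadowserver or the original article; the trusted networks, the log field layout and the sample log lines are constructed assumptions.

```python
import ipaddress

# Endpoint named in the Shadowserver report quoted above (IIS paths are case-insensitive).
WATCHED_PREFIX = "/nmapi/recurringreport"
# Assumption: the management networks allowed to reach the WhatsUp Gold server.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Constructed IIS W3C log sample (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-08-01 09:14:02 10.20.0.5 GET /NmConsole/ - 443 - 10.20.0.17 Mozilla/5.0 200
2024-08-01 09:15:40 10.20.0.5 POST /NmAPI/RecurringReport - 443 - 203.0.113.44 python-requests/2.31 200
2024-08-01 09:16:11 10.20.0.5 POST /nmapi/recurringreport/ - 443 - 198.51.100.7 curl/8.4.0 500
2024-08-01 09:20:00 10.20.0.5 POST /NmAPI/RecurringReport - 443 - 10.20.0.17 Mozilla/5.0 200
2024-08-01 09:21:30 10.20.0.5 GET /NmAPI/Other - 443 - 203.0.113.44 curl/8.4.0 404
"""

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable source address is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_untrusted_hits(log_text):
    """Return (timestamp, client_ip, method, uri, status) for watched-path requests from untrusted sources."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file, so re-read it
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip malformed rows rather than misalign columns
        row = dict(zip(fields, values))
        if not row.get("cs-uri-stem", "").lower().startswith(WATCHED_PREFIX):
            continue
        if is_trusted(row.get("c-ip", "")):
            continue
        hits.append((f"{row.get('date')} {row.get('time')}", row.get("c-ip"),
                     row.get("cs-method"), row.get("cs-uri-stem"), row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in find_untrusted_hits(SAMPLE_LOG):
        print(*hit)
```

Any hit means the endpoint is reachable from outside the allowlist, so the network restriction and the patch level (2023.1.3 or later) should both be checked.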
