← Zuruck zu CVEs

CVE-2024-4885

CRITICALCISA KEV

9.8

Beschreibung

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht6/25/2024

Zuletzt geandert10/31/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerProgress

ProduktWhatsUp Gold

SchwachstellennameProgress WhatsUp Gold Path Traversal Vulnerability

KEV Aufnahmedatum2025-03-03

Behebungsfrist2025-03-24

Ransomware-NutzungUnknown

Betroffene Produkte

progress:whatsup_gold

Schwachen (CWE)

CWE-22

Referenzen

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024(security@progress.com)

https://www.progress.com/network-monitoring(security@progress.com)

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024(af854a3a-2127-422b-91ae-364da2661108)

https://www.progress.com/network-monitoring(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.