← back
CVE-2024-4883

WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 64.8%CWE-77CWE-78CWE-94
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Progress Software Corporation · WhatsUp Gold
public PoCs found1
githubgithub.com/sinsinology/CVE-2024-488311
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024https://www.progress.com/network-monitoring