Critical RCE Vulnerability Found in WhatsUp Gold – CVE-202313

By /

Listen to this Post

A severe Remote Code Execution (RCE) vulnerability has been identified in Progress WhatsUp Gold, a widely used network monitoring tool. The vulnerability, tracked as CVE-2023.1.3, allows unauthenticated attackers to execute arbitrary commands with iisapppool
mconsole privileges. This security flaw poses a significant risk to organizations relying on WhatsUp Gold for infrastructure monitoring, as it could be exploited to gain control over networked systems.

Security researchers, including Sina Kheirkhah from the Summoning Team, working with the Trend Micro Zero Day Initiative, were credited with the discovery. The flaw has been rated 9.8 (Critical) on the CVSS 3.1 scale, emphasizing the urgency of applying security patches.

the Vulnerability

  • Affected Versions: WhatsUp Gold versions released before 2023.1.3.
  • Type of Vulnerability: Unauthenticated Remote Code Execution (RCE).
  • Impact: Attackers can run arbitrary system commands with elevated privileges.

– Exploited Function: `WhatsUp.ExportUtilities.Export.GetFileWithoutZip` allows execution of commands.

– Severity Score: 9.8/10 (Critical).

  • Attack Vector: Network-based, low attack complexity, no authentication required.
  • Discovery & Credit: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam), in collaboration with Trend Micro Zero Day Initiative.

– References & Official Advisories:

– [Progress Network Monitoring](https://www.progress.com/network-monitoring)

– [WhatsUp Gold Security Bulletin – June 2024](https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024)

What Undercode Says:

The CVE-2023.1.3 vulnerability in WhatsUp Gold is one of the most dangerous security flaws affecting network monitoring software. Here’s why it’s a critical threat to enterprises:

1. Unauthenticated Remote Code Execution (RCE)

This flaw does not require user authentication, meaning any attacker on the internet can exploit it without credentials. Such vulnerabilities are prime targets for automated scanning tools used by cybercriminals.

2. High CVSS Score – 9.8 (Critical)

The CVSS 3.1 rating of 9.8 indicates that this is nearly as severe as it gets. A vulnerability of this scale can lead to full system compromise, data exfiltration, and lateral movement within the network.

3. Privilege Escalation Risks

Although the commands execute under iisapppool
mconsole privileges, this level of access is often sufficient to manipulate system processes, escalate privileges, or deploy malware/ransomware within an organization’s network.

4. Exploitable via Network

Since the attack vector is network-based, an attacker does not need local access to the target machine. This makes it particularly dangerous for internet-exposed systems running WhatsUp Gold.

5. Potential for Widespread Attacks

WhatsUp Gold is commonly used by IT teams across enterprises to monitor network performance. If an attacker compromises one instance, they can potentially pivot to other critical infrastructure and compromise the entire network.

6. Immediate Patch is Mandatory

Progress has released an updated version (2023.1.3 and later) that patches this flaw. Organizations using WhatsUp Gold must apply the security update immediately to prevent exploitation.

7. Possible Real-World Exploitation

Given the severity and ease of exploitation, threat actors are likely already scanning for unpatched systems. Cybersecurity firms and threat intelligence sources should closely monitor whether this vulnerability is being actively exploited in the wild.

8. Comparisons to Past CVEs

Similar high-impact vulnerabilities (such as CVE-2021-26855 in Microsoft Exchange) have led to mass exploitation campaigns. The risk here is comparable, as an RCE in a widely used IT tool can be a goldmine for attackers.

9. Risk to Government & Critical Infrastructure

Because network monitoring tools like WhatsUp Gold are often used in government agencies, healthcare, and finance, a successful exploit could disrupt critical operations or lead to nation-state attacks.

10. Defensive Measures

Organizations must take the following proactive steps:

  • Update WhatsUp Gold to version 2023.1.3 or later.

– Monitor system logs for any unusual activity.

  • Restrict network exposure of the service where possible.
  • Implement Web Application Firewalls (WAFs) to detect exploit attempts.
  • Enable advanced threat detection tools to identify possible intrusions.

Fact Checker Results:

  1. CVE Validity: Confirmed, with details provided by Progress and Trend Micro Zero Day Initiative.
  2. Exploitability: The attack is highly feasible, as it requires no authentication and has a network attack vector.
  3. Patch Availability: Progress has released 2023.1.3, which addresses the vulnerability. Immediate application is recommended.

References:

Reported By: https://www.cve.org/CVERecord?id=CVE-2024-4885
Extra Source Hub:
https://www.facebook.com
Wikipedia: https://www.wikipedia.org
Undercode AI

Image Source:

OpenAI: https://craiyon.com
Undercode AI DI v2Featured Image

Explore More: