SB2024080730 - Multiple vulnerabilities in Progress Software WhatsUp Gold




Published: August 7, 2024 Updated: October 11, 2024

Security Bulletin ID: SB2024080730
Severity: Critical
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical 8%, High 17%, Medium 58%, Low 17%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Arbitrary file upload (CVE-ID: CVE-2024-5008)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to insufficient validation of files during file upload within the APM module. A remote user can upload a malicious file and execute it on the server.


2) Path traversal (CVE-ID: CVE-2024-5019)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the implementation of the LoadCSSUsingBasePath method. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


3) Path traversal (CVE-ID: CVE-2024-5018)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the LoadUsingBasePath method. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


4) Improper access control (CVE-ID: CVE-2024-5009)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the implementation of the SetAdminPassword method. A local attacker can bypass implemented security restrictions and modify the admin's password.


5) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-5014)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the GetASPReport method. A remote user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.


6) Improper Authentication (CVE-ID: CVE-2024-5015)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests within the GetWindowsCredential method. A remote attacker can bypass the authentication process and gain unauthorized access to sensitive information on the system.


7) Input validation error (CVE-ID: CVE-2024-5013)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a lack of validation of the current installation step within the InstallController class. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


8) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-5015)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the SessionControler class. A remote user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.


9) Deserialization of Untrusted Data (CVE-ID: CVE-2024-5016)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the implementation of the OnMessage method. A remote administrator can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


10) Path traversal (CVE-ID: CVE-2024-4883)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the WriteDataFile method. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.


11) Path traversal (CVE-ID: CVE-2024-4885)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the implementation of the GetFileWithoutZip method. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.


12) Arbitrary file upload (CVE-ID: CVE-2024-4884)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to insufficient validation of files during file upload within the CommunityController class. A remote attacker can upload a malicious file and execute it on the server.


Remediation

Install the update from the vendor's website.