CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.  The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:23.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:46

Type Values Removed Values Added
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - Vendor Advisory () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - Vendor Advisory
References () https://www.progress.com/network-monitoring - Product () https://www.progress.com/network-monitoring - Product

21 Aug 2024, 13:38

Type Values Removed Values Added
First Time Progress
Progress whatsup Gold
CPE cpe:2.3:a:progress:whatsup_gold:23.1.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - Vendor Advisory
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product

26 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, las instalaciones de Distributed Edition se pueden explotar mediante el uso de una herramienta de deserialización para lograr una ejecución remota de código como SYSTEM. La vulnerabilidad existe en las rutinas principales de procesamiento de mensajes NmDistributed.DistributedServiceBehavior.OnMessage para el servidor y NmDistributed.DistributedClient.OnMessage para los clientes.

25 Jun 2024, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-25 21:16

Updated : 2024-11-21 09:46


NVD link : CVE-2024-5016

Mitre link : CVE-2024-5016

CVE.ORG link : CVE-2024-5016


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-502

Deserialization of Untrusted Data