Lucene search

HistoryAug 09, 2024 - 12:00 a.m.

Progress WhatsUp Gold File Upload RCE (CVE-2024-4884)

2024-08-0900:00:00

www.tenable.com

progress whatsup gold

file upload

remote code execution

vulnerability

cve-2024-4884

scanner

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.001

Percentile

48.1%

JSON

The Progress WhatsUp Gold running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can upload arbitrary files, which can result in code execution in the context of the account running the NmConsole IIS application.

Binary data progress_whatsup_gold_cve-2024-4884.nbin

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4884

www.nessus.org/u?29c3f424

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.001

Percentile

48.1%

JSON

Related for PROGRESS_WHATSUP_GOLD_CVE-2024-4884.NBIN