CVE-2024-46909 | THREATINT

Description

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.

PUBLISHED Reserved 2024-09-13 | Published 2024-12-02 | Updated 2024-12-02 | Assigner ProgressSoftware

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-73 External Control of File Name or Path

CWE-16 Configuration

Product status

Default status

affected

2023.1.0 (semver) before 2024.0.1

affected

Credits

Andy Niu of Trend Micro finder

References

www.progress.com/network-monitoring

community.progress.com/...d-Security-Bulletin-September-2024 vendor-advisory

docs.progress.com/.../WhatsUp-Gold-2024.0-Release-Notes.html release-notes

cve.org (CVE-2024-46909)

nvd.nist.gov (CVE-2024-46909)

Download JSON