
Description

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify the admin's password.

PUBLISHED Reserved 2024-05-16 | Published 2024-06-25 | Updated 2024-08-01 | Assigner ProgressSoftware




HIGH: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-269 Improper Privilege Management

Product status

Default status
affected

2023.1.0 before 2023.1.3
affected

Credits

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative finder

References

www.progress.com/network-monitoring product

community.progress.com/...p-Gold-Security-Bulletin-June-2024 vendor-advisory

cve.org (CVE-2024-5009)

nvd.nist.gov (CVE-2024-5009)
