CVE-2024-4562

5.4 MEDIUM

📋 TL;DR

This SSRF vulnerability in WhatsUp Gold allows an authenticated user to make the WhatsUp Gold server issue HTTP requests to destinations of the user's choosing through the HTTP Monitoring functionality. Because the request originates from the monitoring server, an attacker can reach internal systems or services that are not exposed to them directly. All WhatsUp Gold installations before version 2023.1.2 are affected.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2023.1.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to WhatsUp Gold interface.

📦 What is this software?

WhatsUp Gold is Progress Software's network and infrastructure monitoring product. It runs on a Windows server that, by design, has network reach into the segments it monitors. Its HTTP Monitoring feature polls HTTP endpoints from that server, which is the request path this SSRF abuses.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could pivot to internal systems, access sensitive internal services, or perform reconnaissance on internal network segments.

🟠 Likely Case

Unauthorized access to internal HTTP services, potential data leakage from internal systems, or scanning of internal network resources.

🟢 If Mitigated

Limited to authenticated users only, with proper network segmentation preventing access to critical internal systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account but is straightforward once logged in: the attacker points an HTTP monitor at a URL of their choosing and the WhatsUp Gold server issues the request from its own network position.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.1.2

Vendor Advisory: https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2

Restart Required: Yes

Instructions:

1. Download WhatsUp Gold 2023.1.2 from the Progress website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart the WhatsUp Gold services.

🔧 Temporary Workarounds

Restrict HTTP Monitoring Access (applies to all affected versions)

Limit HTTP Monitoring functionality to authorized administrators only through role-based access controls; the fewer accounts that can create or edit HTTP monitors, the fewer can trigger the SSRF.

Network Segmentation (applies to all affected versions)

Isolate the WhatsUp Gold server from sensitive internal networks, and restrict its outbound HTTP egress to the hosts it legitimately monitors, so that an SSRF cannot reach anything the monitoring itself does not need.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate WhatsUp Gold from sensitive internal systems
  • Review and restrict user permissions to minimize authenticated users with HTTP Monitoring access

🔍 How to Verify

Check if Vulnerable:

Check the WhatsUp Gold version in the administration interface. If the version is below 2023.1.2, the system is vulnerable.

Check Version:

Check via WhatsUp Gold web interface: Administration > About

Verify Fix Applied:

Verify version shows 2023.1.2 or higher in administration interface after upgrade.

📡 Detection & Monitoring

Log Indicators:

  • HTTP monitors created or edited by users who do not normally manage monitoring
  • HTTP monitor targets pointing at loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address) or other non-routable addresses

Network Indicators:

  • Outbound HTTP requests from the WhatsUp Gold server to internal destinations that are not configured monitoring targets

SIEM Query:

source="WhatsUpGold" AND (event_type="http_monitor" OR action="http_request") AND user!="admin"

The field names above are illustrative and must be mapped to whatever your WhatsUp Gold log forwarding actually emits. Note also that filtering on user!="admin" ignores misuse by administrative accounts, which can trigger the SSRF just as easily; key the query on the monitor's destination address rather than on the user alone.
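The destination-based check described above, and the pre-fetch guard a hardened monitor would apply, both reduce to the same question: does this monitor target point at a non-public address? The following is an added example written for this page, not code from Progress or WhatsUp Gold. The log line format, field names and sample entries are constructed for illustration; real WhatsUp Gold logs will differ and the regular expression must be adapted to them. It classifies IP literals with the standard library, catches the decimal-integer host form (http://2130706433/ is 127.0.0.1) that naive string checks miss, and then runs that classifier both as a guard on a would-be monitor target and as a detector over the constructed log lines:

```python
"""Classify HTTP-monitor targets as internal (SSRF-relevant) and scan log lines.

Added example, not WhatsUp Gold code. Log format and sample lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Hostnames that reach the local box or cloud metadata without an IP literal.
SUSPICIOUS_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}

ALLOWED_SCHEMES = {"http", "https"}


def is_internal_target(url: str) -> bool:
    """True when the URL's host is loopback, private, link-local, unspecified
    or otherwise non-global, or a well-known local hostname.

    Only IP literals are classified offline. A plain hostname returns False
    here; in production resolve it at check time and classify the result,
    since an attacker-controlled name can resolve to an internal address.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return True  # unparseable URL: treat as suspicious rather than pass it
    host = parts.hostname
    if not host:
        return True  # no host at all (e.g. file:///...) is never a valid monitor
    if host.lower() in SUSPICIOUS_HOSTNAMES:
        return True
    try:
        # Decimal form such as 2130706433 is accepted by many HTTP clients
        # as an IPv4 address; normalise it instead of letting it slip through.
        addr = ipaddress.ip_address(int(host)) if host.isdigit() else ipaddress.ip_address(host)
    except ValueError:
        return False  # ordinary hostname; see docstring
    return not addr.is_global


def validate_monitor_target(url: str) -> str:
    """Pre-fetch guard: reject non-HTTP schemes and internal destinations.

    Returns the URL unchanged when it is acceptable, raises ValueError otherwise.
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed for HTTP monitor: {scheme!r}")
    if is_internal_target(url):
        raise ValueError(f"refusing to monitor internal target: {url}")
    return url


# Constructed log format for this example (hypothetical fields, not WhatsUp Gold's).
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=http_monitor_test url=(?P<url>\S+)$"
)

# Constructed sample lines: one legitimate check, then four internal targets,
# the last of them from an admin account that a user!="admin" filter would skip.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z user=noc_operator action=http_monitor_test url=https://www.example.com/health",
    "2024-05-01T10:01:12Z user=contractor1 action=http_monitor_test url=http://169.254.169.254/latest/meta-data/",
    "2024-05-01T10:01:40Z user=contractor1 action=http_monitor_test url=http://10.0.5.20:8080/admin",
    "2024-05-01T10:02:03Z user=contractor1 action=http_monitor_test url=http://2130706433/",
    "2024-05-01T10:03:30Z user=admin action=http_monitor_test url=http://localhost:8081/",
]


def scan_log(lines):
    """Return (timestamp, user, url) for every monitor action aimed at an internal target."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and is_internal_target(m["url"]):
            hits.append((m["ts"], m["user"], m["url"]))
    return hits


if __name__ == "__main__":
    for ts, user, url in scan_log(SAMPLE_LOG):
        print(f"{ts} {user} -> {url}")
```

Keying detection on the destination rather than the user is what makes the admin-account case visible; the same `is_internal_target` check, placed in front of the fetch, is the shape of fix an SSRF in a monitoring product needs, with DNS resolution added at check time for hostnames.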

🔗 References

  • Vendor advisory: https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2