CVE-2024-5011
📋 TL;DR
An unauthenticated attacker can send specially crafted HTTP requests to the TestController Chart functionality in WhatsUp Gold, causing uncontrolled resource consumption and denial of service. This affects all WhatsUp Gold versions before 2023.1.3 that are exposed to network access.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
WhatsUp Gold by Progress Software, a network monitoring product with a web-based management interface.
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of WhatsUp Gold, disrupting network monitoring and potentially cascading to dependent systems.
Likely Case
Degraded performance or temporary unavailability of the WhatsUp Gold web interface and monitoring functions.
If Mitigated
Minimal impact if the vulnerability is patched or if network access controls prevent unauthenticated requests.
🎯 Exploit Status
The vulnerability requires sending specially crafted HTTP requests but does not require authentication, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2023.1.3 or later
Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
Restart Required: Yes
Instructions:
1. Download WhatsUp Gold 2023.1.3 or later from Progress Software.
2. Back up the current configuration and data.
3. Install the update following the vendor instructions.
4. Restart the WhatsUp Gold service.
🔧 Temporary Workarounds
Restrict Network Access
Limit access to the WhatsUp Gold web interface to trusted IP addresses only using firewall rules.
Disable Unnecessary Functionality
If possible, disable or restrict access to the TestController Chart functionality through application configuration.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate WhatsUp Gold from untrusted networks.
- Deploy rate limiting or web application firewall rules to block suspicious HTTP requests to the TestController endpoint.
🔍 How to Verify
Check if Vulnerable:
Check the WhatsUp Gold version in the web interface under Help > About, or examine the installed version in Windows Programs and Features.
Check Version:
Not applicable via command line; check through the web interface or Windows control panel.
Verify Fix Applied:
Confirm the version is 2023.1.3 or higher and test that the TestController Chart functionality responds normally to legitimate requests.
📡 Detection & Monitoring
Log Indicators:
- Unusually high volume of HTTP requests to /TestController/Chart endpoints
- Increased CPU/memory usage logs from WhatsUp Gold service
- Error logs indicating resource exhaustion
Network Indicators:
- Spike in traffic to WhatsUp Gold web port (typically 80/443)
- Pattern of malformed HTTP requests targeting TestController
SIEM Query:
source="WhatsUpGold" AND (uri_path="/TestController/Chart" OR event_description="resource exhaustion")
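The log indicator above (a burst of requests to /TestController/Chart from one source) can be checked outside a SIEM as well. The following is an added example, not part of the advisory and not code from Progress: it runs a sliding-window counter over access-log lines and flags any source address that exceeds a threshold of Chart requests within a window. The W3C/IIS-style field layout, the 60-second window, the threshold of 20 and the sample log lines are all constructed assumptions; adapt the parser to the real log schema before use.

```python
"""
Added example (not from the advisory or from Progress): flag sources that send
an unusually high volume of requests to the WhatsUp Gold TestController Chart
endpoint within a sliding time window.

Assumed log format (constructed, W3C/IIS-style, space separated):
    date time c-ip cs-method cs-uri-stem sc-status
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT_PREFIX = "/TestController/Chart"   # path named in the advisory
WINDOW = timedelta(seconds=60)              # assumed sliding window
THRESHOLD = 20                              # assumed requests-per-source-per-window limit


def parse_line(line):
    """Parse one log line into (timestamp, client_ip, method, uri, status).

    Returns None for lines that do not match the assumed six-field layout.
    """
    parts = line.split()
    if len(parts) < 6:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        status = int(parts[5])
    except ValueError:
        return None
    return ts, parts[2], parts[3], parts[4], status


def detect_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per source whose Chart requests in any window reach threshold.

    Lines must be in chronological order; the per-source deque holds only the
    timestamps that fall inside the trailing window.
    """
    recent = defaultdict(deque)   # client_ip -> timestamps of Chart requests in window
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, _method, uri, _status = rec
        # Match the endpoint regardless of query string or case.
        if not uri.lower().startswith(ENDPOINT_PREFIX.lower()):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"source": ip, "count": len(q), "first": q[0], "last": ts})
    return alerts


def build_sample_log():
    """Constructed sample log: benign operator traffic plus one external burst."""
    base = datetime(2024, 6, 25, 10, 0, 0)
    lines = []
    # Benign operator (RFC 1918 address): a chart view once a minute plus other pages.
    for i in range(5):
        t = base + timedelta(seconds=60 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 10.0.0.5 GET /NmConsole/Home 200")
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 10.0.0.5 GET /TestController/Chart?id={i} 200")
    # Burst (documentation address): 25 Chart requests in 25 seconds, answered with errors.
    for i in range(25):
        t = base + timedelta(seconds=30 + i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} 198.51.100.7 GET /TestController/Chart 500")
    lines.sort()  # chronological order, which the sliding window relies on
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(build_sample_log()):
        print(f"{alert['source']}: {alert['count']} Chart requests "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}")
```

The threshold should be tuned against a baseline of legitimate Chart traffic for the deployment; the same counter can be pointed at the 5xx status field to track the "resource exhaustion" error indicator listed above.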
🔗 References
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
- https://www.progress.com/network-monitoring
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1934