CVE-2024-5013
📋 TL;DR
An unauthenticated Denial of Service vulnerability in WhatsUp Gold allows attackers to force the application into the SetAdminPassword installation step, making it inaccessible. This affects all WhatsUp Gold versions before 2023.1.3. Organizations using vulnerable versions with internet-facing instances are at highest risk.
💻 Affected Systems
- WhatsUp Gold
📦 What is this software?
WhatsUp Gold by Progress
⚠️ Risk & Real-World Impact
Worst Case
Complete application unavailability requiring reinstallation or restoration from backup, disrupting network monitoring and potentially masking other security incidents.
Likely Case
Temporary service disruption requiring administrator intervention to restore normal operation, impacting network visibility and monitoring capabilities.
If Mitigated
No impact if patched or properly firewalled; minimal disruption if detected and mitigated quickly.
🎯 Exploit Status
The vulnerability requires no authentication and minimal technical skill to exploit, making it attractive for disruption attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2023.1.3 and later
Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
Restart Required: Yes
Instructions:
1. Download WhatsUp Gold 2023.1.3 or later from the Progress support portal.
2. Back up the current configuration and database.
3. Run the installer with administrative privileges.
4. Follow the upgrade wizard.
5. Restart the application services.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to WhatsUp Gold administration interfaces to trusted IP addresses only.
Configure firewall rules to allow only specific source IPs to access WhatsUp Gold ports (typically 80/443 and management ports).
Reverse Proxy with Authentication
Place WhatsUp Gold behind a reverse proxy that requires authentication before forwarding requests.
Configure nginx/apache/IIS as a reverse proxy with authentication enabled for WhatsUp Gold endpoints.
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to WhatsUp Gold to authorized administrative networks only.
- Deploy intrusion detection/prevention systems to monitor for DoS attack patterns against the WhatsUp Gold application.
🔍 How to Verify
Check if Vulnerable:
Check the WhatsUp Gold version in the administration console or via Help > About. If the version is earlier than 2023.1.3, the system is vulnerable.
Check Version:
In WhatsUp Gold web interface: Navigate to Help > About to view version information.
Verify Fix Applied:
Verify that the version is 2023.1.3 or later in the administration console, and confirm that the application stays available and does not drop into the SetAdminPassword installation step.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to SetAdminPassword endpoint
- Multiple failed authentication attempts followed by service disruption
- Application logs showing unexpected transition to installation state
Network Indicators:
- Unusual traffic spikes to WhatsUp Gold administration ports from unauthenticated sources
- HTTP requests to SetAdminPassword-related endpoints from external IPs
SIEM Query:
source="WhatsUpGold" AND (event="SetAdminPassword" OR event="installation_step") AND src_ip NOT IN [trusted_admin_ips]
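The log indicators above can be checked offline against web-server access logs. The following is an added example, not part of the advisory or of the product: it flags requests whose path mentions SetAdminPassword and whose source IP is outside a trusted administrator range. The log format (common log format), the trusted networks and the request paths are all constructed assumptions; the real WhatsUp Gold endpoint path is not given on this page.

```python
import ipaddress
import re

# Assumption: administrators only reach WhatsUp Gold from these networks.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.50.0/24")]

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_trusted(ip: str) -> bool:
    """True if the source address falls inside a trusted admin network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source: treat as untrusted
    return any(addr in net for net in TRUSTED_ADMIN_NETS)

def find_suspicious(lines):
    """Return requests touching SetAdminPassword from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if "setadminpassword" not in m["path"].lower():
            continue
        if is_trusted(m["ip"]):
            continue
        hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                     "path": m["path"], "status": int(m["status"])})
    return hits

# Constructed sample log; paths are placeholders, not the real product paths.
SAMPLE_LOG = [
    '10.10.0.5 - - [12/Jun/2024:10:01:02 +0000] "GET /wug/Login HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jun/2024:10:02:15 +0000] "POST /wug/Install/SetAdminPassword HTTP/1.1" 200 812',
    '10.10.0.5 - - [12/Jun/2024:10:03:00 +0000] "GET /wug/Install/SetAdminPassword HTTP/1.1" 200 4096',
    '198.51.100.23 - - [12/Jun/2024:10:03:30 +0000] "GET /wug/install/setadminpassword?r=1 HTTP/1.1" 302 0',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["path"]} -> {hit["status"]}')
```

A single untrusted hit is worth investigating, since the issue needs no authentication; a request from a trusted admin network is normal during a legitimate install.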