CVE-2024-5015

7.1 HIGH

📋 TL;DR

This vulnerability allows authenticated low-privileged users in WhatsUp Gold to perform server-side request forgery (SSRF) attacks. By chaining this SSRF with an improper access control vulnerability, attackers can escalate privileges to administrative level. All WhatsUp Gold installations before version 2023.1.3 are affected.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2023.1.3
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Windows and Linux deployments of WhatsUp Gold. Authentication required but low-privileged accounts are sufficient.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative access, enabling data theft, configuration changes, and further network exploitation.

🟠

Likely Case

Privilege escalation to admin level, allowing unauthorized access to sensitive network monitoring data and system controls.

🟢

If Mitigated

Limited impact with proper network segmentation and authentication controls, though SSRF could still enable internal reconnaissance.

🌐 Internet-Facing: MEDIUM - While authentication is required, exposed instances could be targeted by attackers with stolen credentials.
🏢 Internal Only: HIGH - Internal attackers with low-privileged accounts can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires chaining two vulnerabilities (SSRF + access control bypass) but both are in the same endpoint. Authentication with low privileges is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.1.3 and later

Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Restart Required: Yes

Instructions:

1. Download WhatsUp Gold version 2023.1.3 or later from the Progress website.
2. Back up the current configuration and data.
3. Install the update following the vendor documentation.
4. Restart the WhatsUp Gold services.

🔧 Temporary Workarounds

Network segmentation

Applies to: all

Restrict the WhatsUp Gold server's outbound network access to prevent SSRF exploitation.

Configure firewall rules to limit outbound connections from the WhatsUp Gold server.

Access control hardening

Applies to: all

Review and restrict low-privileged user accounts.

Audit user accounts with low privileges and remove unnecessary accounts.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit WhatsUp Gold server's outbound connections
  • Monitor for unusual privilege escalation attempts and review all admin account activities

🔍 How to Verify

Check if Vulnerable:

Check the WhatsUp Gold version in the administration interface or via the 'wugadmin -version' command.

Check Version:

wugadmin -version

Verify Fix Applied:

Verify that the version is 2023.1.3 or later and test the SessionController.Update endpoint functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSRF attempts in application logs
  • Unexpected privilege escalation events
  • Multiple failed admin login attempts followed by successful escalation

Network Indicators:

  • Outbound HTTP requests from WhatsUp Gold server to internal services
  • Unusual authentication patterns to admin interfaces

SIEM Query:

source="WhatsUpGold" AND (event_type="privilege_escalation" OR url_contains="SessionController/Update")
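As an added example, not code from the advisory or from Progress, the following Python script applies the log indicators above to a constructed access log: it flags non-admin requests to the SessionController.Update endpoint and a user whose role turns to admin after such a request. The log layout, the role field, the paths and the sample lines are all assumptions; adapt the parser to the real WhatsUp Gold web log format.

```python
import re
from collections import defaultdict

# Constructed log layout (assumption): <timestamp> <user> <role> <method> <path> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<role>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)
# Endpoint named in the advisory; matched case-insensitively on the URL path.
SUSPECT_PATH = "sessioncontroller/update"


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_indicators(lines):
    """Return (kind, user, timestamp) findings in log order.

    'ssrf_endpoint'   : a non-admin user requested SessionController/Update.
    'priv_escalation' : that same user later appears with the admin role.
    """
    findings = []
    touched = defaultdict(bool)  # user -> hit the endpoint while non-admin
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than abort the scan
        user, role, path = rec["user"], rec["role"].lower(), rec["path"].lower()
        if SUSPECT_PATH in path and role != "admin":
            findings.append(("ssrf_endpoint", user, rec["ts"]))
            touched[user] = True
        elif role == "admin" and touched[user]:
            findings.append(("priv_escalation", user, rec["ts"]))
            touched[user] = False  # report each escalation once
    return findings


def scan_log(text):
    return find_indicators(text.splitlines())


# Constructed sample log: alice is a viewer who hits the endpoint and then shows
# up as admin; bob is already admin (legitimate use); carol does nothing odd.
SAMPLE_LOG = """\
2024-06-20T10:00:01Z alice viewer GET /Dashboard 200
2024-06-20T10:00:05Z alice viewer POST /SessionController/Update 200
2024-06-20T10:00:09Z alice admin GET /Admin/Users 200
2024-06-20T10:01:00Z bob admin POST /SessionController/Update 200
2024-06-20T10:02:00Z carol viewer GET /Dashboard 200
"""

if __name__ == "__main__":
    for kind, user, ts in scan_log(SAMPLE_LOG):
        print(f"{ts} {kind}: {user}")
```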
