Login Sign Up

CVE-2024-5017

6.5 MEDIUM
Path Traversal

📋 TL;DR

This path traversal vulnerability in WhatsUp Gold allows unauthenticated attackers to access files outside the intended directory via specially crafted HTTP requests to AppProfileImport. It affects WhatsUp Gold versions before 2023.1.3 and can lead to sensitive information disclosure.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2023.1.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installations. AppProfileImport endpoint is accessible without authentication.

📦 What is this software?

Whatsup Gold by Progress

View all CVEs affecting Whatsup Gold →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration files, or credentials stored on the server, potentially leading to further compromise.

🟠

Likely Case

Information disclosure of application files, configuration data, or other files accessible to the web server process.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to vulnerable instances.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting HTTP requests with path traversal sequences. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.1.3 and later

Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Restart Required: Yes

Instructions:

1. Download WhatsUp Gold 2023.1.3 or later from Progress website. 2. Backup current installation. 3. Run installer to upgrade. 4. Restart WhatsUp Gold services.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to WhatsUp Gold web interface to trusted networks only

Configure firewall rules to block external access to WhatsUp Gold ports (typically 80/443)

Web Application Firewall

all

Deploy WAF with path traversal protection rules

Configure WAF to block requests containing ../ sequences

🧯 If You Can't Patch

  • Isolate WhatsUp Gold server in restricted network segment with no internet access
  • Implement strict network access controls allowing only necessary connections from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check WhatsUp Gold version in web interface or installation directory. Versions before 2023.1.3 are vulnerable.

Check Version:

Check Help > About in WhatsUp Gold web interface or examine installation directory version files

Verify Fix Applied:

Verify version is 2023.1.3 or later and test AppProfileImport endpoint with path traversal attempts returns proper error.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /AppProfileImport with ../ sequences
  • Unusual file access patterns in web server logs

Network Indicators:

  • HTTP requests containing path traversal sequences to WhatsUp Gold endpoints

SIEM Query:

source="web_logs" AND (uri="/AppProfileImport" AND (request CONTAINS "../" OR request CONTAINS "..\\"))

📊 Metadata

CVE ID: CVE-2024-5017
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-22
Published: June 25, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5017, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)