CVE-2024-5019

5.3 MEDIUM

📋 TL;DR

This vulnerability allows an unauthenticated attacker to read arbitrary files from a WhatsUp Gold server with the privileges of the IIS application pool identity that runs the web interface. It affects WhatsUp Gold versions released before 2023.1.3 and can expose configuration files, stored credentials and other system information that the application pool account can read.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2023.1.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of WhatsUp Gold running on IIS.

📦 What is this software?

WhatsUp Gold is Progress Software's network and infrastructure monitoring product. Its web console is an ASP.NET application hosted on Windows IIS; that web console is the component affected here.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive files like configuration files, credentials, or system files, leading to further system compromise or data exfiltration.

🟠

Likely Case

Unauthenticated file reads of web application files, configuration files, or other accessible system files with the IIS app pool identity.

🟢

If Mitigated

With the web interface reachable only from trusted networks and the vulnerable endpoint filtered, residual exposure is limited to files the IIS application pool identity can read. The bug on its own gives no write or code-execution capability.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated exploitation requires only a crafted HTTP request to the vulnerable endpoint; no credentials or user interaction are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.1.3 or later

Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Restart Required: Yes

Instructions:

1. Download WhatsUp Gold 2023.1.3 or later from the Progress website.
2. Back up the current installation (including the database) before upgrading.
3. Run the installer to upgrade the existing installation.
4. Restart the WhatsUp Gold services.

🔧 Temporary Workarounds

Restrict network access (all platforms)

Limit access to the WhatsUp Gold web interface to trusted networks only.

Web Application Firewall rules (all platforms)

Implement WAF rules to block requests to the vulnerable SessionController.CachedCSS endpoint, including requests whose parameters carry directory traversal sequences or absolute file paths.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate WhatsUp Gold servers
  • Deploy web application firewall with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check WhatsUp Gold version in web interface or installation directory. Versions before 2023.1.3 are vulnerable.

Check Version:

Check web interface About page or examine installation directory version files

Verify Fix Applied:

Verify that the installed version is 2023.1.3 or later. Then, from an unauthenticated session, confirm that requests to the SessionController.CachedCSS endpoint carrying traversal sequences or absolute paths in their parameters no longer return file contents.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in IIS logs
  • Requests to /Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS with file path parameters

Network Indicators:

  • HTTP requests attempting directory traversal or file read patterns

SIEM Query:

source="IIS" AND uri="*SessionController.CachedCSS*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e%5c*" OR uri="*..%2f*" OR uri="*..%5c*")

The encoded variants matter: IIS logs the query string as the client sent it, so a pattern that only matches a literal "../" misses percent-encoded and double-encoded traversal.
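The indicators above can be checked offline against exported IIS logs. The following scanner is an added example, not code from the page, from Progress or from any detection product: it parses W3C-format IIS log lines using their #Fields header, percent-decodes the request stem and query repeatedly (so double encoding does not hide traversal), and flags requests to the SessionController.CachedCSS endpoint whose parameters contain traversal sequences or absolute Windows paths. The sample log lines, the /NmConsole prefix and the file= parameter name are constructed for illustration and are assumptions, not the real request format.

```python
"""Scan IIS W3C logs for requests matching the CVE-2024-5019 indicators."""
import re
from urllib.parse import unquote

# Controller name from the advisory indicator list; matched case-insensitively
# as a substring so the site prefix in front of it does not matter.
ENDPOINT = "sessioncontroller.cachedcss"

# Traversal after decoding: "../" or "..\"
TRAVERSAL = re.compile(r"\.\.[\\/]")

# Absolute Windows path (C:\..., C:/...) or UNC path (\\server\share)
ABS_PATH = re.compile(r"(?i)^[a-z]:[\\/]|^[\\/]{2}")

# Constructed sample log (assumption: prefix, parameter name and hosts are made up).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-07-01 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-07-01 10:00:01 10.0.0.5 GET /NmConsole/ - 443 - 10.0.0.20 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 120
2024-07-01 10:00:02 10.0.0.5 GET /NmConsole/Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS file=theme.css 443 - 10.0.0.20 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 8
2024-07-01 10:00:05 10.0.0.5 GET /NmConsole/Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS file=..%2F..%2F..%2Fweb.config 443 - 203.0.113.9 python-requests/2.31.0 - 200 0 0 15
2024-07-01 10:00:06 10.0.0.5 GET /NmConsole/Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS file=%252e%252e%255c%252e%252e%255cwindows%255cwin.ini 443 - 203.0.113.9 python-requests/2.31.0 - 200 0 0 12
2024-07-01 10:00:07 10.0.0.5 GET /NmConsole/Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS file=C:%5CProgramData%5Csecret.txt 443 - 203.0.113.9 curl/8.4.0 - 404 0 2 3
2024-07-01 10:00:09 10.0.0.5 GET /images/..%2Flogo.png - 443 - 10.0.0.21 Mozilla/5.0 - 404 0 2 3
"""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly until stable; double encoding is a common filter bypass."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_iis_log(text: str):
    """Yield one dict per request, keyed by the column names in the #Fields header.

    IIS replaces spaces inside field values with '+', so splitting on spaces is safe.
    """
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line; skip rather than misalign columns
        yield dict(zip(fields, values))


def find_suspicious(text: str):
    """Return (client ip, stem, decoded query, reasons) for each request that hits
    the CachedCSS endpoint with traversal or absolute-path parameters."""
    hits = []
    for rec in parse_iis_log(text):
        stem = fully_decode(rec.get("cs-uri-stem", ""))
        query = rec.get("cs-uri-query", "-")
        query = "" if query == "-" else fully_decode(query)
        if ENDPOINT not in stem.lower():
            continue  # traversal elsewhere is noise for this CVE
        reasons = []
        if TRAVERSAL.search(query) or TRAVERSAL.search(stem):
            reasons.append("traversal")
        for param in query.split("&"):
            _, _, val = param.partition("=")
            if ABS_PATH.search(val):
                reasons.append("absolute-path")
                break
        if reasons:
            hits.append((rec.get("c-ip"), stem, query, ",".join(reasons)))
    return hits


if __name__ == "__main__":
    for ip, stem, query, why in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {stem}?{query} [{why}]")
```

Run it against a real log by reading the file into find_suspicious(). A 200 response on a flagged line is the signal to escalate; a 404 still shows the attacker probing the endpoint. The legitimate theme.css request and the traversal attempt against /images are deliberately not flagged, which keeps the output focused on this endpoint.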

🔗 References

  • Progress Software, WhatsUp Gold Security Bulletin June 2024: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5019