CVE-2024-4885

CRITICAL KEV NUCLEI

Progress WhatsUp Gold < 23.1.3 - Path Traversal

Description

In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated remote code execution vulnerability in Progress WhatsUp Gold. WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

Exploits (1)

nomisec WORKING POC 17 stars
by sinsinology · remote
https://github.com/sinsinology/CVE-2024-4885

Nuclei Templates (1)

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution
CRITICAL VERIFIED by SinSinology, iamnoooob, rootxharsh, pdresearch
Shodan: html:"WhatsUp Gold"

Scores

CVSS v3 9.8
EPSS 0.9426
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-03-03
VulnCheck KEV 2024-08-06
ENISA EUVD EUVD-2024-44455
CWE CWE-22
Status published
Products (1)
progress/whatsup_gold < 23.1.3
Published Jun 25, 2024
KEV Added Mar 03, 2025
Tracked Since Feb 18, 2026