cve-2024-5013
Vulnerability from cvelistv5
Published
2024-06-25 20:11
Modified
2024-08-01 20:55
Severity ?
EPSS score ?
Summary
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service
vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Progress Software Corporation | WhatsUp Gold |
Version: 2023.1.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "whatsup_gold",
"vendor": "progress",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T14:03:25.828079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T23:38:21.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.progress.com/network-monitoring"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Installation"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WhatsUp Gold versions released before 2023.1.3,\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003e\u0026nbsp;an unauthenticated Denial of Service \n\nvulnerability was identified.\u0026nbsp;An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.\u0026nbsp;\u003ccode\u003e\u003cbr\u003e\u003c/code\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003e\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T20:11:58.100Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/network-monitoring"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WhatsUp Gold InstallController Denial-of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-5013",
"datePublished": "2024-06-25T20:11:58.100Z",
"dateReserved": "2024-05-16T15:59:53.459Z",
"dateUpdated": "2024-08-01T20:55:10.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"23.1.3\", \"matchCriteriaId\": \"C22487E3-6723-40C7-86A0-764EBAA37A55\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In WhatsUp Gold versions released before 2023.1.3,\\u00a0an unauthenticated Denial of Service \\n\\nvulnerability was identified.\\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.\"}, {\"lang\": \"es\", \"value\": \"En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identific\\u00f3 una vulnerabilidad de denegaci\\u00f3n de servicio no autenticada. Un atacante no autenticado puede colocar la aplicaci\\u00f3n en el paso de instalaci\\u00f3n SetAdminPassword, lo que hace que la aplicaci\\u00f3n no sea accesible.\"}]",
"id": "CVE-2024-5013",
"lastModified": "2024-11-21T09:46:46.933",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-06-25T21:16:00.510",
"references": "[{\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\", \"source\": \"security@progress.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.progress.com/network-monitoring\", \"source\": \"security@progress.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.progress.com/network-monitoring\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "security@progress.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-5013\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2024-06-25T21:16:00.510\",\"lastModified\":\"2024-11-21T09:46:46.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \\n\\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.\"},{\"lang\":\"es\",\"value\":\"En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio no autenticada. Un atacante no autenticado puede colocar la aplicaci\u00f3n en el paso de instalaci\u00f3n SetAdminPassword, lo que hace que la aplicaci\u00f3n no sea accesible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1.3\",\"matchCriteriaId\":\"C22487E3-6723-40C7-86A0-764EBAA37A55\"}]}]}],\"references\":[{\"url\":\"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\",\"source\":\"security@progress.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.progress.com/network-monitoring\",\"source\":\"security@progress.com\",\"tags\":[\"Product\"]},{\"url\":\"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.progress.com/network-monitoring\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.