CVE-2024-5013 - OpenCVE

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Progress	Whatsup Gold

Configuration 1 [-]

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring

History

Wed, 21 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Progress Progress whatsup Gold
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:progress:whatsup_gold::::::::
Vendors & Products		Progress Progress whatsup Gold

MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2024-06-25T20:11:58.100Z

Updated: 2024-08-01T20:55:10.406Z

Reserved: 2024-05-16T15:59:53.459Z

Link: CVE-2024-5013

Vulnrichment

Updated: 2024-08-01T20:55:10.406Z

NVD

Status : Analyzed

Published: 2024-06-25T21:16:00.510

Modified: 2024-08-21T13:35:28.750

Link: CVE-2024-5013

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5013", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-05-16T15:59:53.459Z", "datePublished": "2024-06-25T20:11:58.100Z", "dateUpdated": "2024-08-01T20:55:10.406Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Installation"], "platforms": ["Windows"], "product": "WhatsUp Gold", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "2023.1.3", "status": "affected", "version": "2023.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WhatsUp Gold versions released before 2023.1.3,<span style=\"background-color: rgba(161, 189, 217, 0.08);\"> an unauthenticated Denial of Service \n\nvulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. <code><br></code></span><span style=\"background-color: rgba(161, 189, 217, 0.08);\"><span style=\"background-color: rgba(9, 30, 66, 0.06);\"><br><br><br><br></span>\n\n</span>"}], "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible."}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113 API Manipulation"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-06-25T20:11:58.100Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}], "source": {"discovery": "UNKNOWN"}, "title": "WhatsUp Gold InstallController Denial-of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "progress", "product": "whatsup_gold", "cpes": ["cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "2023.1.0", "status": "affected", "lessThan": "2023.1.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T14:03:25.828079Z", "id": "CVE-2024-5013", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T23:38:21.726Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.406Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["product", "x_transferred"]}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.406Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T14:03:25.828079Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"], "vendor": "progress", "product": "whatsup_gold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2023.1.3", "versionType": "semver"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:05:16.041Z"}}], "cna": {"title": "WhatsUp Gold InstallController Denial-of-Service Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113 API Manipulation"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress Software Corporation", "modules": ["Installation"], "product": "WhatsUp Gold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2023.1.3", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["product"]}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.", "supportingMedia": [{"type": "text/html", "value": "In WhatsUp Gold versions released before 2023.1.3,<span style=\"background-color: rgba(161, 189, 217, 0.08);\"> an unauthenticated Denial of Service \n\nvulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. <code><br></code></span><span style=\"background-color: rgba(161, 189, 217, 0.08);\"><span style=\"background-color: rgba(9, 30, 66, 0.06);\"><br><br><br><br></span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-06-25T20:11:58.100Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5013", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.406Z", "dateReserved": "2024-05-16T15:59:53.459Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2024-06-25T20:11:58.100Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22487E3-6723-40C7-86A0-764EBAA37A55", "versionEndExcluding": "23.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio no autenticada. Un atacante no autenticado puede colocar la aplicaci\u00f3n en el paso de instalaci\u00f3n SetAdminPassword, lo que hace que la aplicaci\u00f3n no sea accesible."}], "id": "CVE-2024-5013", "lastModified": "2024-08-21T13:35:28.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2024-06-25T21:16:00.510", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/network-monitoring"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@progress.com", "type": "Secondary"}]}