CVE-2024-5016 — Vulnetix

CVE-2024-5016 PUBLISHED CVSS 7.199999809265137 HIGH

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.

EPSS 6.19% · 91.0th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.19%

91.0th percentile

Affected Products

Vendor	Product	Versions
Progress Software Corporation	WhatsUp Gold	2023.1.0, 2023.1.0, 2023.1.0
progress	whatsup_gold	2023.1.0, 2023.1.0, 2023.1.0
progress	whatsup_gold	23.1.0, 0, 23.1.0

Timeline

Jun 25, 2024 CVE Published
Jun 26, 2024 EPSS Score
Jul 18, 2024 EPSS Score
Sep 1, 2024 EPSS Score
Sep 24, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Nov 30, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 6, 2025 EPSS Score
Mar 17, 2025 EPSS Score

References

https://www.progress.com/network-monitoring url
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-5016 advisory

Open in Interactive Console →