CVE-2024-5013
WhatsUp Gold InstallController Denial-of-Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service
vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identificó una vulnerabilidad de denegación de servicio no autenticada. Un atacante no autenticado puede colocar la aplicación en el paso de instalación SetAdminPassword, lo que hace que la aplicación no sea accesible.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the InstallController class. The issue results from the lack of validating the current installation step. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-16 CVE Reserved
- 2024-06-25 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
- CAPEC-113: Interface Manipulation
- CAPEC-115: Authentication Bypass
References (2)
URL | Tag | Source |
---|---|---|
https://www.progress.com/network-monitoring | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 | 2024-06-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Software Corporation Search vendor "Progress Software Corporation" | WhatsUp Gold Search vendor "Progress Software Corporation" for product "WhatsUp Gold" | >= 2023.1.0 < 2023.1.3 Search vendor "Progress Software Corporation" for product "WhatsUp Gold" and version " >= 2023.1.0 < 2023.1.3" | en |
Affected
|