CVE-2024-4885
Published: 25 June 2024
Summary
CVE-2024-4885 is a critical-severity Path Traversal (CWE-22) vulnerability in Progress WhatsUp Gold. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-4885 is an unauthenticated remote code execution vulnerability affecting Progress WhatsUp Gold versions prior to 2023.1.3. The flaw resides in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip component, which permits command execution under the iisapppool\nmconsole account and is tracked under CWE-22 with a CVSS 3.1 score of 9.8.
An attacker with network access can invoke the vulnerable export utility without authentication to run arbitrary commands on the server, achieving full control over confidentiality, integrity, and availability of the affected system.
The vendor Progress has published a security bulletin directing customers to upgrade to version 2023.1.3 or later, and the issue appears in CISA's Known Exploited Vulnerabilities catalog.
The associated EPSS score has remained at a sustained high of 0.9427 since disclosure, indicating persistent and substantial exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-44455
Vulnerability details
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
- CWE(s): CWE-22
- KEV Date Added: 03 March 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- Directly blocks the unauthenticated requests that trigger GetFileWithoutZip command execution.
- Enforces input validation to stop the path-traversal payloads that enable the RCE.
- Limits privileges of the iisapppool\nmconsole account so any successful execution has reduced impact.