ГлавнаяУязвимости → CVE-2024-4885
9.8критическая

CVE-2024-4885

→ есть в БДУ: BDU:2024-05764 (на русском)
Описание (на английском; русское — в БДУ выше)

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

Затрагиваемое ПО
Progress Whatsup gold
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024https://www.progress.com/network-monitoringhttps://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024https://www.progress.com/network-monitoringhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885