🔴 CVE-2024-4885

Critical unauthenticated remote code execution vulnerability in WhatsUp Gold's API endpoint allows attackers to execute arbitrary commands with IIS application pool privileges. This network monitoring software is commonly deployed as an internet-facing service for remote monitoring capabilities.

← Back to Overview
HIGH_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-06-25

Added to CISA KEV: 2025-03-03 251 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-4885 is a critical-severity, unauthenticated Remote Code Execution (RCE) vulnerability affecting Progress WhatsUp Gold [1] [4].

Exploitation and Threat Actor Activity
  • Active Exploitation: The vulnerability has been subject to active exploitation in the wild [4]. Threat actors have used it to gain initial access to corporate networks [4].
  • Proof-of-Concept (PoC): Publicly available PoC exploit code exists, which has facilitated exploitation efforts by targeting exposed WhatsUp Gold endpoints (specifically `/NmAPI/RecurringReport`) [3] [4].
Attack Method and Requirements
  • Attack Vector: The vulnerability is remotely exploitable over the network [6].
  • Authentication/Interaction: It is an unauthenticated vulnerability, meaning no login or valid credentials are required to exploit it [1]. Furthermore, no user interaction is required for a successful attack [7].
  • Mechanism: The flaw exists in the `WhatsUp.ExportUtilities.Export.GetFileWithoutZip` function, which allows for directory traversal and subsequent command execution [2].
Impact and Access
  • Impact: Successful exploitation allows an attacker to execute arbitrary code on the target server [1].
  • Privileges: Code execution occurs with the privileges of `iisapppool\nmconsole` [2].
Affected Versions and Mitigation
  • Affected Versions: Progress WhatsUp Gold versions released before 2023.1.3 (specifically including 23.1.2 and older) are vulnerable [1] [4].
  • Patch Status: Progress Software released a patch for this vulnerability on May 24, 2024, in WhatsUp Gold version 23.1.3 [5]. Organizations using affected versions should update to 23.1.3 or later to remediate the risk.

Sources

  1. CVE-2024-4885 Detail - NVD

    In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.

  2. CVE-2024-4885 - Vulnerability Details - OpenCVE

    In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.CVE-2024-4885 - WhatsUp Gold GetFileWithoutZip Dir…

  3. sinsinology/CVE-2024-4885 - GitHub

    Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885) Exploit by Sina Kheirkhah (@SinSinology) of SummoningTeam. ... Technical details: https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/ (^_^). Prepare for the Pwnage (^_^) (+). Sending payloa…

  4. Critical Progress WhatsUp RCE flaw now under active exploitation

    Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthentic…

  5. Progress WhatsUp Gold - Unauthenticated RCE Vulnerability - Armis

    CVE-2024-4885 is a critical unauthenticated RCE vulnerability. Learn about the vulnerability's impact and how Armis provided 223 days of ... Progress Software released the patch on May 24, 2024 in WhatsUp Gold version 23.1.3. Armis CentrixTM for Early Warning, added AI intelligence that collected an…

  6. NVD - CVE-2024-4885

    CVE-2024-4885 Detail. Description. In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.Quick Info. CVE Dictionary Entry: CVE-2024-4885 NVD Published Date: 06/25/2024 NVD Last Modified: 10/31/2025 Source: Progress Software…

  7. In WhatsUp Gold versions released before 2023.1.3, an.

    Published by the National Vulnerability Database Jun 25, 2024.CVSS v3 base metrics. Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability. Attack complexity: More severe for the least complex attacks. Privileges required: M…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed