CVE-2024-5009
Published 2024-06-25
Priority: P3 · 55 · high · 8.4 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.03% (96.3th percentile)
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | < 23.1.3 | 23.1.3 |
| progress_software_corporation | whatsup_gold | >= 2023.1.0 < 2023.1.3 | 2023.1.3 |
Suricata
ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
suricata·2024-09-18·CVSS 8.4
Rule: alert http any any -> $HOME_NET 9642 (msg:"ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)"; flow:established, to_server; http.method; content:"POST"; http.uri; content:"/NmConsole/Wug/Install/SetAdminPassword"; fast_pattern; http.request_body; content:"|22|ConfirmPassword|22|"; reference:url,summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/; reference:cve,2024-5009; classtype:web-application-activity; sid:2055951; rev:1; metadata:affected_product WhatsUp_Gold, attack_target Server, tls_state plaintext, created_at 2024_09_18, cve CVE_2024_5009, deployment Perimeter, deployment Internal, confidence High, sign
No public exploits indexed.
No writeups or analysis indexed.