What is CVE-2024-4885?
CVE-2024-4885 is a critical unauthenticated RCE vulnerability in Progress WhatsUp Gold. WhatsUp Gold is a Network Availability and Performance Monitoring tool by Progress Software. The vulnerability within GetFileWithoutZip method of Progress WhatsUp Gold results in lack of proper validation of a user-supplied path prior to using it in file operations. Exploiting the vulnerability allows attackers to remotely execute arbitrary commands in the context of a service account.
When Was the Vulnerability Discovered?
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative discovered this vulnerability and reported it to Progress Software on April 24, 2024. Progress Software released the patch on May 24, 2024 in WhatsUp Gold version 23.1.3. Armis CentrixTM for Early Warning, added AI intelligence that collected and analyzed the context of the threat actor conversations regarding this vulnerability to the early warning list on July 23, 2024, immediately protecting our customers from this threat. In contrast, CISA added CVE-2025-2783 to their KEV catalog on March 3, 2025, making Armis CentrixTM for Early Warning early by 223 days.
Significance of CVE-2024-4885:
Vulnerable component: the issue is in the implementation of GetFileWithoutZip method of Progress WhatsUp Gold. Due to the flawed implementation, there is a lack of proper validation of a user-supplied path prior to using it in file operations, leading to arbitrary code execution.
Exploitation scenario: attackers can exploit this vulnerability by sending a crafted payload to an exposed port of Progress WhatsUp Gold. While there are no specific campaigns associated with the vulnerability, PoC has been released by the researcher on their github.
Impact and blast radius: as the attacker has elevated privileges over the victim machine, arbitrary code execution can result in full host system takeover. Moreover, attackers can perform lateral movement by abusing Progress WhatsUp’s remote management capabilities.
Value of Timely Awareness: fast detection and proactive action are essential in reducing the risks associated with such vulnerability. Due to the severity of the vulnerability and nature of the impacted software, the attacker could quickly enumerate the victim’s infrastructure and compromise critical systems. Upgrading to the latest patched version and monitoring the system for any suspicious activity such as outbound connections.
Mitigation and Protection:
Proactive defense and workarounds: it is critical to update your Progress WhatsUp Gold to version 23.1.3 or later if it is vulnerable. This version contains a patch for this vulnerability. Additionally, exercise caution with open ports, especially those that are listening for user input.
Continuous monitoring and updates: security teams should monitor vendor advisories and apply security patches as soon as they become available, monitor SIEM for suspicious requests in the context of the technical details reported above, as well as in the official advisory, and regularly assess existing security controls. They should also run automated security scans against exposed ports. By implementing these strong security practices, organizations can effectively mitigate the risks posed by CVE-2024-4885 and safeguard their WhatsUp Gold deployments from exploitation.
Stay vigilant and ensure your systems are up-to-date to defend against evolving cybersecurity threats.
Armis Centrix™ for Early Warning is the proactive cybersecurity solution designed to empower organizations with early warning intelligence to anticipate and mitigate cyber risk effectively. By leveraging AI-driven actionable intelligence, Armis Centrix™ provides insights into the vulnerabilities that threat actors are exploiting in the wild or are about to weaponize, allowing organizations to understand their impact and take preemptive action.
Interested in learning more about Armis Centrix™ for Early Warning? Sign up for a demo today!