{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5013", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-05-16T15:59:53.459Z", "datePublished": "2024-06-25T20:11:58.100Z", "dateUpdated": "2024-08-01T20:55:10.406Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Installation"], "platforms": ["Windows"], "product": "WhatsUp Gold", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "2023.1.3", "status": "affected", "version": "2023.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WhatsUp Gold versions released before 2023.1.3,<span style=\"background-color: rgba(161, 189, 217, 0.08);\">&nbsp;an unauthenticated Denial of Service \n\nvulnerability was identified.&nbsp;An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.&nbsp;<code><br></code></span><span style=\"background-color: rgba(161, 189, 217, 0.08);\"><span style=\"background-color: rgba(9, 30, 66, 0.06);\"><br><br><br><br></span>\n\n</span>"}], "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible."}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113 API Manipulation"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-06-25T20:11:58.100Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}], "source": {"discovery": "UNKNOWN"}, "title": "WhatsUp Gold InstallController Denial-of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "progress", "product": "whatsup_gold", "cpes": ["cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "2023.1.0", "status": "affected", "lessThan": "2023.1.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T14:03:25.828079Z", "id": "CVE-2024-5013", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T23:38:21.726Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.406Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["product", "x_transferred"]}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.406Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T14:03:25.828079Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"], "vendor": "progress", "product": "whatsup_gold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2023.1.3", "versionType": "semver"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:05:16.041Z"}}], "cna": {"title": "WhatsUp Gold InstallController Denial-of-Service Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113 API Manipulation"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress Software Corporation", "modules": ["Installation"], "product": "WhatsUp Gold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2023.1.3", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["product"]}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.", "supportingMedia": [{"type": "text/html", "value": "In WhatsUp Gold versions released before 2023.1.3,<span style=\"background-color: rgba(161, 189, 217, 0.08);\">&nbsp;an unauthenticated Denial of Service \n\nvulnerability was identified.&nbsp;An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.&nbsp;<code><br></code></span><span style=\"background-color: rgba(161, 189, 217, 0.08);\"><span style=\"background-color: rgba(9, 30, 66, 0.06);\"><br><br><br><br></span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-06-25T20:11:58.100Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5013", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.406Z", "dateReserved": "2024-05-16T15:59:53.459Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2024-06-25T20:11:58.100Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22487E3-6723-40C7-86A0-764EBAA37A55", "versionEndExcluding": "23.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Denial of Service \n\nvulnerability was identified.\u00a0An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio no autenticada. Un atacante no autenticado puede colocar la aplicaci\u00f3n en el paso de instalaci\u00f3n SetAdminPassword, lo que hace que la aplicaci\u00f3n no sea accesible."}], "id": "CVE-2024-5013", "lastModified": "2024-11-21T09:46:46.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-25T21:16:00.510", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/network-monitoring"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.progress.com/network-monitoring"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}