WEB Progress WhatsUp Gold WriteDataFile Directory Traversal -2 (CVE-2024-4883) state 1-F/Flow

Rule ID

1235406

Severity

High

Description

A directory traversal vulnerability exists in Progress WhatsUp Gold. This vulnerability is due to improper input validation in the WriteDataFile method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file creation or, in the worst case, remote code execution in the context of a service account.

Impact

Remote code execution

Recommendation

Update vendor's patch.

IPS Category

Exploits

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2024-4883

ZDI-24-892

T1210

T0866

T1190

T0819

Keywords

N/A

Date Created

2024/07/30

Last Updated

2024/08/09

This website uses cookies to ensure you get the best experience on our website.