
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
2024-04-24 11:52

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published.

The critical vulnerability was disclosed and patched by Progress earlier this month.

CVE-2024-2389 is a command injection vulnerability affecting Flowmon versions 11.x and 12.x, but not versions 10.x and lower.

"Unauthenticated, remote attackers can gain access to the web interface of Flowmon to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication," the company explained.

The vulnerability was discovered and reported to Progress by David Yesland, a penetration tester at Rhino Security Labs, who detailed the discovery in a blog post published on Tuesday.

He noted that once the vulnerability is exploited and command execution is achieved, "The application runs as the 'flowmon' user so commands will be executed as this user. The flowmon user can run several commands with sudo and several of the commands can be abused to obtain a root shell."
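The second half of that quote is the part a defender can act on independently of the patch: a service account whose sudo grants are broader than its job needs turns any command injection into a root compromise. The following is an added example, not code from the article, from Rhino Security Labs, or from Progress/Flowmon. It parses sudoers-style rules and flags the grant patterns that most often make a service-account rule dangerous (ALL, wildcards in the command or its arguments, commands given without an absolute path, and NOPASSWD). The username "flowmon" is taken from the article; the sudoers content is constructed for illustration and is not Flowmon's real configuration.

```python
"""Audit sudoers rules granted to a service account (added example).

Assumptions: the account name 'flowmon' comes from the article; the sudoers
text below is constructed for illustration and is NOT Flowmon's real file.
"""
import re
from dataclasses import dataclass

# Constructed sample sudoers content (not the real Flowmon configuration).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
flowmon ALL=(root) NOPASSWD: /usr/bin/systemctl restart flowmon-*, \\
        /bin/cat /var/log/flowmon/*.log
flowmon ALL=(root) NOPASSWD: /usr/local/bin/flowmon-backup
flowmon ALL=(root) vi
svc     ALL=(ALL) ALL
"""

# user  host=(runas) [TAG:] command[, command ...]
RULE_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG_RE = re.compile(r"^((?:[A-Z_]+:\s*)+)")


@dataclass
class SudoRule:
    user: str
    host: str
    runas: str
    tags: tuple
    command: str


def _logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield " ".join(buf.split())
        buf = ""


def parse_sudoers(text):
    """Return one SudoRule per (user, command) pair found in the text."""
    rules = []
    for line in _logical_lines(text):
        if line.startswith("Defaults") or "_Alias" in line.split()[0]:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, host, runas, spec = m.groups()
        tags = ()
        for item in spec.split(","):
            item = item.strip()
            t = TAG_RE.match(item)
            if t:
                # In sudoers a tag applies to every later command in the list.
                tags = tuple(x.strip() for x in t.group(1).split(":") if x.strip())
                item = item[t.end():].strip()
            # sudo's default Runas user is root when no (runas) is given.
            rules.append(SudoRule(user, host, runas or "root", tags, item))
    return rules


def assess(rule):
    """Risk findings for one rule; an empty list means nothing flagged."""
    findings = []
    if rule.command == "ALL":
        findings.append("grants ALL commands")
    elif not rule.command.split()[0].startswith("/"):
        findings.append("command is not an absolute path")
    if "*" in rule.command:
        findings.append("wildcard in command or arguments")
    if "NOPASSWD" in rule.tags:
        findings.append("no password required")
    return findings


def audit(text, user):
    """(command, findings) for every rule that applies to `user`."""
    return [(r.command, assess(r))
            for r in parse_sudoers(text) if r.user in (user, "ALL")]


if __name__ == "__main__":
    for command, findings in audit(SAMPLE_SUDOERS, "flowmon"):
        print(f"{command!r}: {'; '.join(findings) if findings else 'ok'}")
```

Run against a real host's `/etc/sudoers` and `/etc/sudoers.d/*` output (for example from `sudo -l -U flowmon` or the files themselves), the audit gives a quick list of which grants to narrow to exact binaries with fixed arguments; the parser deliberately handles continuation lines and tag carry-over because those are where a hand review most often misses a rule.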


News URL

https://www.helpnetsecurity.com/2024/04/24/poc-cve-2024-2389/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Progress 28 0 51 46 30 127