PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

2024-04-24 11:52

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published.

The critical vulnerability has been disclosed and patched by Progress earlier this month.

CVE-2024-2389 is command injection vulnerability affecting Flowmon versions 11.x and 12.x, but not versions 10.x and lower.

"Unauthenticated, remote attackers can gain access to the web interface of Flowmon to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication," the company explained.

The vulnerability was discovered and reported to Progress by David Yesland, a penetration tester at Rhino Security Labs, who detailed the discovery in a blog post published on Tuesday.

He noted that once the vulnerability is exploited and command execution is achieved, "The application runs as the 'flowmon' user so command will be executed as this user. The flowmon user can run several commands with sudo and several of the commands can be abused to obtain a root shell."

News URL

https://www.helpnetsecurity.com/2024/04/24/poc-cve-2024-2389/

#critical #CVE #POC #progress #vulnerability #CVE-2024-2389

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-02	CVE-2024-2389	In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Progress		26	3	41	24	10	78

News URL

Related news

Related Vulnerability

Related vendor