Progress released a patch to address a critical severity vulnerability in Flowmon. Tracked as CVE-2024-2389, the vulnerability is given a CVSS base score of 10. Successful exploitation of the vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.
A security researcher from Rhino Security Labs discovered and reported the vulnerability to Progress. The security researcher released technical details about the vulnerability in a blog post.
Progress Flowmon is a network performance monitoring solution that helps businesses manage and secure their computer networks. It provides visibility into network traffic, data flows, security, and application performance.
Vulnerability Details
The security researcher has mentioned in the blog that an attacker may escape the intended command and run arbitrary commands by manipulating with the pluginPath or file parameters to contain malicious commands using command substitution, $(), or “.
Affected Versions
The vulnerability affects Progress Flowmon versions before 11.1.14 and 12.3.5.
Mitigation
Customers must upgrade to the following versions to patch the vulnerability:
- Flowmon 12.3.5
- Flowmon 11.1.14
For more information, please refer to the Progress Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QID 731472 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability