Proof-of-Concept Code Released by Rhino Labs for Critical Flowmon Vulnerability.


Proof-of-concept exploit code has been published for a critical vulnerability in Progress Flowmon, a network performance monitoring product. The flaw is an operating-system command injection bug that can be reached through the product's web interface.

The vulnerability, tracked as CVE-2024-2389, affects Flowmon 11.x releases prior to 11.1.14 and 12.x releases prior to 12.3.5. It allows an unauthenticated attacker who can reach the Flowmon web interface to inject operating-system commands and execute code on the appliance. It carries a CVSS score of 10.0, is rated Critical, and is classified as CWE-78 (OS command injection).
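The practical first step for a defender is to inventory Flowmon instances and decide, per version string, whether each one sits in the affected range. The following is an added example written for this article; it is not code from Progress, Kemp or Rhino Labs. It encodes only the two fixed versions the article names (11.1.14 and 12.3.5) and the assumption that any release branch older than 11.x also predates the fix; the inventory it runs against is constructed sample data.

```python
"""Version triage for CVE-2024-2389 (added example, not vendor code).

Fixed versions per the advisory: 11.1.14 (11.x branch) and 12.3.5 (12.x branch).
Assumption: branches older than 11.x are treated as affected (they predate the fix);
branches newer than 12.x are reported as "unknown" because the advisory does not cover them.
"""
import re
from typing import List, Optional, Tuple

# First fixed release in each affected branch, keyed by major version.
FIXED_BY_BRANCH = {11: (11, 1, 14), 12: (12, 3, 5)}

_VERSION_RE = re.compile(r"\s*v?(\d+(?:\.\d+)*)\s*(?:-.*)?")  # tolerate "v" prefix and "-build" suffix


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.3.5', 'v12.3' or '11.1.14-rc1' into an integer tuple, padded to 3 parts."""
    match = _VERSION_RE.fullmatch(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # '12.3' -> (12, 3, 0)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is in the affected range, False if fixed, None if the branch is unknown."""
    parsed = parse_version(version)
    major = parsed[0]
    if major in FIXED_BY_BRANCH:
        return parsed[:3] < FIXED_BY_BRANCH[major]
    if major < min(FIXED_BY_BRANCH):
        return True  # assumption: older, unsupported branches never received the fix
    return None  # branch not described by the advisory


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify (host, version) pairs; unparseable strings are flagged rather than dropped."""
    labels = {True: "VULNERABLE - upgrade", False: "patched", None: "unknown branch"}
    rows = []
    for host, version in inventory:
        try:
            status = labels[is_vulnerable(version)]
        except ValueError:
            status = "unparseable - verify manually"
        rows.append((host, version, status))
    return rows


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("flowmon-dc1.example.internal", "11.1.13"),
    ("flowmon-dc2.example.internal", "v12.3.5-build20240401"),
    ("flowmon-lab.example.internal", "12.3"),
    ("flowmon-old.example.internal", "10.9.0"),
    ("flowmon-edge.example.internal", "unknown"),
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:35} {version:25} {status}")
```

Note that a bare "12.3" is padded to 12.3.0 and therefore reported as affected, which is the safe direction; anything the parser cannot read is surfaced for manual checking instead of being silently skipped.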

Progress and its Kemp Technologies subsidiary, which maintains Flowmon, acknowledged the vulnerability earlier in the week and released fixed versions 11.1.14 and 12.3.5, urging administrators to upgrade immediately.

Security firm Rhino Labs has now published a proof-of-concept showing how the vulnerability can be exploited in practice. Flowmon is widely deployed in large enterprises for network performance monitoring and troubleshooting, and an unknown number of instances expose their web interface to the internet. Any such instance still running an unpatched version should be upgraded without delay and, where exposure cannot be removed, restricted to trusted networks in the meantime.