CVE-2024-2389
In Flowmon versions before 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
Maximum severity Flowmon bug has a public exploit, patch now By Bill Toulas April 24, 2024 04:08 PM 0 Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. Progress Flowmon combines performance tracking, diagnostics, and network detection and response features. It is used by more than 1,500 companies around the world, including SEGA, KIA, and TDK, Volkswagen, Orange, and Tietoe...