← volver
CVE-2024-2389

Flowmon Unauthenticated Command Injection Vulnerability

CVSS 10 CRITICALEPSS 93.9%CWE-78
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Progress Software · Flowmon
PoCs públicas encontradas1
githubgithub.com/adhikara13/CVE-2024-23892
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerabilityhttps://www.flowmon.com