CVE-2024-2389: Flowmon Unauthenticated Command Injection Vulnerability
First published: Tue Apr 02 2024(Updated: )
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Flowmon | <11.1.14<12.3.5 | |
| Flowmon | <11.1.14 | |
| Flowmon | >=12.0.0<12.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2389?
CVE-2024-2389 is classified as a critical vulnerability due to the potential for unauthenticated users to execute arbitrary system commands.
Which versions of Flowmon are affected by CVE-2024-2389?
CVE-2024-2389 affects Flowmon versions prior to 11.1.14 and 12.3.5.
How do I fix CVE-2024-2389?
To fix CVE-2024-2389, upgrade Flowmon to the latest versions 11.1.14 or 12.3.5 or above.
Can CVE-2024-2389 be exploited remotely?
Yes, CVE-2024-2389 can be exploited remotely since it allows unauthorized access through the Flowmon management interface.
What type of vulnerability is CVE-2024-2389?
CVE-2024-2389 is an operating system command injection vulnerability.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-2389
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/flowmon
- canonical/flowmon
- vendor/progress
- version/flowmon/12.0.0