
    URGENT: Protect Your Systems Now! Publicly Exploited Flowmon Bug at Maximum Severity

    Flowmon Vulnerability Now Has a Public Exploit – Patch Immediately


    In recent news, a critical vulnerability in Progress Flowmon has been made public and exploit code is now available. Flowmon is a popular tool used by over 1,500 companies to monitor network performance and visibility, including well-known names like SEGA, KIA, and TDK, and large companies like Volkswagen, Orange, and Tietoevry.

    This security flaw has been given a severity score of 10/10 and was discovered by Rhino Security Labs. It is currently being tracked as CVE-2024-2389.

    According to researchers, this vulnerability can be exploited using a specially crafted API request to gain remote, unauthenticated access to the Flowmon web interface and execute arbitrary system commands. This could have serious consequences for unsuspecting individuals and businesses.

    What You Need to Do

    Progress Software, the developer of Flowmon, first addressed the issue on April 4th and recommended that all system admins upgrade to the latest version – v12.3.5 or 11.1.14 – to fix the vulnerability. This security update was automatically installed for some customers and can also be manually downloaded from the vendor’s website. Additionally, Progress is asking all Flowmon users to upgrade their modules as well to ensure complete protection.

    New Exploit Code and Demo Released

    A report by Rhino Security Labs includes a demo of how an attacker could exploit the vulnerability to gain root privileges and plant a webshell. The researchers were able to manipulate the ‘pluginPath’ or ‘file’ parameters to insert malicious commands and achieve arbitrary execution.
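For defenders reviewing web access logs from a Flowmon appliance, the following added example (not code from the article, Rhino Security Labs or Progress) flags requests whose ‘pluginPath’ or ‘file’ query parameters decode to values containing shell metacharacters. The Common Log Format layout, the request path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names come from the article; everything else here is an assumption.
WATCHED_PARAMS = {"pluginPath", "file"}
# Characters that let a parameter value break out into a shell command.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")
# Assumed log layout: the quoted request field of Common/Combined Log Format.
REQUEST_FIELD = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params holding shell metacharacters."""
    m = REQUEST_FIELD.search(log_line)
    if not m:
        return []  # unparseable line: nothing to report
    query = urlsplit(m.group("target")).query
    hits = []
    # parse_qsl percent-decodes values, so encoded forms such as %60 or %3B are caught.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in WATCHED_PARAMS and SHELL_META.search(value):
            hits.append((name, value))
    return hits


def triage(lines):
    """Return [(source_ip, param, decoded_value)] for every flagged request."""
    findings = []
    for line in lines:
        src = line.split(" ", 1)[0]
        for name, value in suspicious_params(line):
            findings.append((src, name, value))
    return findings


# Constructed sample lines; the path and PLACEHOLDER_CMD are placeholders, not real values.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2024:10:00:01 +0000] "GET /PLACEHOLDER/endpoint?lang=en&file=report.pdf HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/May/2024:10:00:05 +0000] "GET /PLACEHOLDER/endpoint?pluginPath=%60PLACEHOLDER_CMD%60 HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/May/2024:10:00:09 +0000] "GET /PLACEHOLDER/endpoint?file=a.pdf%3BPLACEHOLDER_CMD HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/May/2024:10:00:12 +0000] "GET /PLACEHOLDER/other?q=a%3Bb HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for src, name, value in triage(SAMPLE_LOG):
        print(f"{src} {name}={value!r}")
```

This only inspects query strings recorded in the access log; parameters sent in a request body are not visible there and need separate telemetry.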

    While Progress states that there have been no reports of active exploitation, Italy’s CSIRT has issued a warning noting that with the availability of exploit code, it is highly likely that attacks will occur. BleepingComputer has also found evidence of a published valid Proof-of-Concept for this vulnerability, further emphasizing the urgency of upgrading to a secure version.

    Flowmon Servers at Risk

    A search on various search engines has revealed that there are hundreds of Flowmon instances still accessible on the public web. This poses a significant risk as cybercriminals could potentially gain access to sensitive information and cause serious damage.

    To protect yourself and your business, it is imperative that all Flowmon users upgrade to the safe version as soon as possible. Failure to do so could result in successful exploits and severe consequences. Stay safe!
