A critical security vulnerability has been identified in Progress Flowmon, a comprehensive tool used for monitoring network performance and security. This tool, crucial for over 1,500 organizations including major names like SEGA, Volkswagen, and Orange, integrates performance tracking, diagnostics, and network response capabilities. The vulnerability, assigned CVE-2024-2389, scored a top-severity rating of 10/10, indicating its potential for significant impact. It was uncovered by researchers at Rhino Security Labs, who noted that it could allow attackers to gain remote, unauthenticated access to the Flowmon web interface and execute arbitrary system commands.
The security flaw affects versions 12.x and 11.x of the Flowmon solution. In response to the threat, Progress Software, the developers behind Flowmon, issued an alert on April 4 and strongly recommended that system administrators upgrade to the latest releases—version 12.3.5 and 11.1.14—to close off this vulnerability. They made the security update available to all customers, providing options for automatic or manual download, and stressed the importance of upgrading all Flowmon modules subsequently.
Adding to the severity of the situation, Rhino Security Labs recently published a report detailing the vulnerability along with a demonstration of an exploit. The researchers were able to manipulate certain parameters to inject and execute commands remotely. By using command substitution syntax, they successfully implanted a webshell and escalated privileges to root, highlighting the ease with which an attacker could exploit this flaw.
Despite these disclosures and the availability of exploit code, which was even briefly discussed and warned against by Italy’s CSIRT, Progress Software has reassured users that there have been no reports of active exploitation as of their last update. However, with roughly 500 Flowmon servers found exposed online via various search engines, the risk of potential exploitation remains high, making immediate updates critical for all users to secure their network monitoring infrastructures.
