Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.

Published

2024-04-02T13:15:51.693

Last Modified

2025-02-07T17:00:46.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	flowmon	< 11.1.14	Yes
Application	progress	flowmon	< 12.3.5	Yes

References

https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability Vendor Advisory ([email protected])
https://www.flowmon.com Product ([email protected])
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.flowmon.com Product (af854a3a-2127-422b-91ae-364da2661108)