Top Network Performance Tool Flowmon has a serious security problem, so patch now
The network monitoring and security solution Progress Flowmon was found to contain a vulnerability of the highest severity, allowing threat actors to escalate their privileges and gain full access to the target endpoint.
As reported by BleepingComputer, the performance tracking, diagnostics, and network detection and response tool was vulnerable to CVE-2024-2389, a flaw that allows attackers to gain unauthenticated access to the Flowmon web interface, where they can execute arbitrary system commands.
To gain this access, the attackers must submit a custom API request.
Thousands of victims
A proof-of-concept (PoC) is already available, but the vulnerability is apparently not yet being exploited in the wild. Users are advised to apply the released patch immediately.
Progress has since been notified of the discovery and released a patch. Flowmon versions 12.x and 11.x are all vulnerable. The first patched versions are 12.3.5 and 11.1.14. Those with automatic updates enabled have already received the patch. Those who opted for manual updates should go to the vendor’s download center.
After applying the patch, Progress recommends also upgrading all Flowmon modules.
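For defenders working through an asset inventory, the version thresholds above are the key fact: 12.x is fixed from 12.3.5 and 11.x from 11.1.14. The following is an added triage helper, not code from Progress, BleepingComputer or Rhino Security Labs; the fixed-version thresholds come from the article, while the inventory lines, hostnames and the "host,version" format are constructed sample data.

```python
"""Triage helper for CVE-2024-2389 in Progress Flowmon.

Added example, not vendor or researcher code. The fixed-version thresholds
(12.3.5 for the 12.x branch, 11.1.14 for the 11.x branch) are taken from the
article; the inventory below is constructed sample data.
"""
from typing import Dict, List, Tuple

# First patched release per affected major branch, as stated in the article.
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    12: (12, 3, 5),
    11: (11, 1, 14),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '12.3.5' into (12, 3, 5); a build suffix such as '-1' or '+x' is dropped."""
    core = text.strip().split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def assess(version: str) -> str:
    """Classify a Flowmon version as 'vulnerable', 'patched' or 'unaffected'.

    Only the 12.x and 11.x branches are named as affected, so other majors are
    reported as 'unaffected' rather than guessed at. Tuple comparison handles
    short strings correctly: (12, 3) sorts before (12, 3, 5) and is flagged.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return "unaffected"
    return "patched" if parsed >= fixed else "vulnerable"


# Constructed sample inventory: "hostname,version" lines as an asset tool might export.
SAMPLE_INVENTORY = """\
flowmon-dc1,12.3.4
flowmon-dc2,12.3.5
flowmon-lab,11.1.13
flowmon-branch,11.1.14-1
flowmon-legacy,10.2.0
"""


def triage(inventory_csv: str) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every non-empty inventory line."""
    results = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, version = line.split(",", 1)
        results.append((host, version, assess(version)))
    return results


def hosts_needing_patch(inventory_csv: str) -> List[str]:
    """Hostnames still running a vulnerable 12.x or 11.x build."""
    return [host for host, _, status in triage(inventory_csv) if status == "vulnerable"]


if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:16} {version:10} {status}")
```

Run against a real export, the output is a list of hosts to update first; after the update the article's advice still applies, namely to upgrade all Flowmon modules as well, which this version check does not cover.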
Although the vulnerability was discovered and reported by researchers at Rhino Security Labs, BleepingComputer notes that the Italian CSIRT also warned about it roughly two weeks ago. Rhino Security Labs published the technical details and a demonstration of the vulnerability, but a PoC was already made available on April 10.
Currently, there are conflicting reports about how many Flowmon instances are exposed on the public internet and thus reachable by attackers. Some search engines show around 500 exposed servers, while others find fewer than 100. In any case, about 1,500 companies around the world use Flowmon, BleepingComputer added, including SEGA, KIA, TDK, Volkswagen and others.
So far there is no evidence of abuse in the wild.