Progress Flowmon: critical flaw opens the door to attackers at 1,500+ companies

Father

The bug affects versions 12.x and 11.x; it is better not to delay the update.

Security researchers have identified a critical vulnerability in Progress Software's Flowmon network performance monitoring tool, which is used by more than 1,500 companies worldwide, including major organizations such as SEGA, KIA, and Volkswagen.

The vulnerability received the highest possible CVSS severity rating, 10 out of 10. It was discovered by Rhino Security Labs and is tracked as CVE-2024-2389.

The vulnerability allows an unauthenticated attacker to use a specially crafted API request to gain remote access to the Flowmon web interface and, from there, execute arbitrary system commands.

Progress Software, the vendor, first disclosed the problem on April 4, warning that it affects product versions 12.x and 11.x. Customers are advised to update to the fixed releases, v12.3.5 and v11.1.14.
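A small patch-status check, added here as an example and not code from the article or from Progress: it classifies a Flowmon version string against the two fixed releases named above. The point it makes is that the fix thresholds are per branch, so a naive comparison against 12.3.5 alone would wrongly flag a patched 11.1.14 host. The version-string format (optional leading "v", dotted integers) and the inventory mapping are assumptions for the example.

```python
# Added example, not from the article or from Progress Software.
# Classify Flowmon versions against the fixed releases the advisory names:
#   11.x branch -> fixed in 11.1.14
#   12.x branch -> fixed in 12.3.5
# Assumption: version strings are dotted integers with an optional leading "v".

FIXED_BY_BRANCH = {
    11: (11, 1, 14),
    12: (12, 3, 5),
}


def parse_version(s):
    """Turn 'v12.3.4' or '12.3.4' into a tuple of ints such as (12, 3, 4)."""
    s = s.strip().lstrip("vV")
    parts = tuple(int(p) for p in s.split("."))
    if len(parts) < 2:
        raise ValueError(f"unexpected version string: {s!r}")
    return parts


def is_vulnerable(version):
    """True when the version is on an affected branch and below that branch's fix."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[0])
    if fixed is None:
        # Only the 11.x and 12.x branches are named as affected.
        return False
    # Pad to three components so '12.3' compares as (12, 3, 0).
    v3 = (v + (0, 0, 0))[:3]
    return v3 < fixed


def triage(inventory):
    """Map host -> 'VULNERABLE' or 'patched/unaffected' for a host->version dict."""
    return {
        host: ("VULNERABLE" if is_vulnerable(ver) else "patched/unaffected")
        for host, ver in inventory.items()
    }


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are placeholders.
    sample = {
        "flowmon-a": "v12.3.4",
        "flowmon-b": "12.3.5",
        "flowmon-c": "11.1.13",
        "flowmon-d": "v11.1.14",
    }
    for host, status in triage(sample).items():
        print(f"{host:10} {sample[host]:8} {status}")
```

Run it against an exported version list and act on every "VULNERABLE" row; the comparison is deliberately strict (anything below the branch's fixed release counts), so a host reporting a bare "12.3" is still flagged.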

A security update has already been released for all Flowmon customers. It can be obtained either automatically or manually from the vendor's Download Center. After installing it, the company recommends updating all Flowmon modules as well.

Rhino Security Labs has published technical details of the vulnerability, along with a demo showing how an attacker can use it to drop a web shell and then escalate privileges to root. The researchers achieved arbitrary command execution by manipulating the "pluginPath" or "file" parameters.
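For defenders, a starting point is to look back through web-server access logs for requests that carry shell metacharacters in exactly those two parameters. The following is an added example, not code from the article, from Rhino Security Labs or from Progress: it parses combined-format access log lines, pulls the query string, and flags any "pluginPath" or "file" value containing command-injection or traversal markers. The log format, the endpoint path in the constructed sample lines and the metacharacter list are assumptions; note that this only sees GET query strings, so a POST body carrying the same parameters would not appear in an access log and needs a WAF or proxy log instead.

```python
# Added example, not from the article or from the vendor/researchers.
# Scan access-log lines for CVE-2024-2389-style parameter abuse.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The two parameters the researchers manipulated, per the article.
WATCHED_PARAMS = {"pluginPath", "file"}

# Markers that have no business in a path-like parameter value.
# Assumption for this example: shell separators, command substitution
# and directory traversal.
SHELL_META = re.compile(r"[;|`&\n]|\$\(|\$\{|\.\./")

# Apache/nginx combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines; the endpoint path is a placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2024:12:00:01 +0000] "GET /example/api?file=report.pdf HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Apr/2024:12:00:05 +0000] "GET /example/api?pluginPath=x%3Bid HTTP/1.1" 200 77',
    '198.51.100.9 - - [10/Apr/2024:12:00:09 +0000] "GET /example/api?file=%24%28id%29 HTTP/1.1" 200 77',
    '203.0.113.4 - - [10/Apr/2024:12:01:00 +0000] "GET /example/api?q=a%3Bb HTTP/1.1" 200 10',
    '203.0.113.4 - - [10/Apr/2024:12:01:03 +0000] "GET /example/api?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 33',
]


def suspicious_params(url):
    """Return {param: decoded value} for watched params carrying suspicious content."""
    query = urlsplit(url).query
    found = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            value = unquote(value)  # second decode catches double-encoded payloads
            if SHELL_META.search(value):
                found[name] = value
    return found


def scan_log(lines):
    """Return one hit dict per log line whose watched parameters look malicious."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        bad = suspicious_params(m["url"])
        if bad:
            hits.append({"ip": m["ip"], "ts": m["ts"], "params": bad})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["params"])
```

A hit is a lead, not a verdict: confirm it by checking the same timestamp in the Flowmon host's shell history, sudo log and process accounting, since the demo ends with root-level access.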

It is worth noting that about two weeks ago the Italian CSIRT had already warned that an exploit was available. According to public information, the current PoC for CVE-2024-2389 was published on April 10.

The number of Flowmon servers exposed on the Internet varies considerably depending on the search engine used. Fofa reports about 500 Flowmon servers, while Shodan and Hunter show fewer than 100.

The last update to Progress Software's security bulletin was on April 19. The company assured customers that it is not aware of active exploitation of CVE-2024-2389, but urged them to update to a fixed version as soon as possible.