Friday, January 31, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityCritical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code

Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code

CVE/vulnerabilityCyber Security NewsNetwork Security

Published on

By Eswar
Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

A new critical vulnerability has been discovered in Progress Flowmon, assigned with CVE-2024-2389.

Progress Flowmon is a Cloud Application Performance monitoring solution that can help analyze network and application traffic.

Moreover, it can also be used for several purposes, such as Troubleshooting, network visibility, bandwidth monitoring, attack evidence and analysis, network capacity planning, and many others.

Last year, the progress software’s MOVEit Vulnerability was exploited widely by CL0P Ransomware Group.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

However, this new vulnerability has been patched and a security advisory has also been released for addressing this vulnerability.

Technical Analysis – CVE-2024-2389

According to the advisory, the existence of this vulnerability has been confirmed in Flowmon versions v11.x and v12.x.

This vulnerability could allow an unauthenticated remote threat actor to gain access to the web interface of flowmon.

Once this access has been gained, the threat actor can then issue a specially crafted API command that will let the attacker execute arbitrary system commands without any authentication.

The severity for this vulnerability has been given a maximum of 10.0 (Critical).

Furthermore, this vulnerability also affects all the platforms of Flowmon versions 11.x and 12.x. Nevertheless, it has been confirmed that versions prior to 11.0 are not affected by this vulnerability.

However, there has been no evidence of threat actors exploiting this vulnerability in the wild.

Progress has immediately acted upon this vulnerability and has released the patched versions of Flowmon 12.3.5 and Flowmon 11.1.4.

In order to upgrade these versions, users can use the automatic package download feature on their Flowmon appliance or download the releases manually.

It is recommended that users of these product versions upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

CVE/vulnerability

Yeti Forensic Platform Vulnerability Allows Attackers to Execute Remote Code

A critical security flaw has been identified in the popular Yeti Forensic Intelligence platform,...
CVE/vulnerability

Cisco Webex Chat Vulnerabilities Expose Organization Chat Histories to Attackers

A major cybersecurity vulnerability in Cisco Webex Chat (previously known as IMI Chat) has...
CVE/vulnerability

VMware Aria Operations Vulnerabilities Allow Attackers to Perform Admin-Level Actions

VMware has released a critical security advisory, VMSA-2025-0003, addressing multiple vulnerabilities in VMware Aria Operations...
cyber security

Malware Discovered in Healthcare Patient Monitors, Traced to Chinese IP Address

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding multiple...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

CVE/vulnerability

Yeti Forensic Platform Vulnerability Allows Attackers to Execute Remote Code

A critical security flaw has been identified in the popular Yeti Forensic Intelligence platform,...
CVE/vulnerability

Cisco Webex Chat Vulnerabilities Expose Organization Chat Histories to Attackers

A major cybersecurity vulnerability in Cisco Webex Chat (previously known as IMI Chat) has...
CVE/vulnerability

VMware Aria Operations Vulnerabilities Allow Attackers to Perform Admin-Level Actions

VMware has released a critical security advisory, VMSA-2025-0003, addressing multiple vulnerabilities in VMware Aria Operations...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved