Alert/Advisory: Progress Flowmon Critical Vulnerability Allows Remote Unauthenticated Access8/5/2024
A critical vulnerability (tracked as CVE-2024-2389), that has been scored 10 out of 10 in the Common Vulnerability, has been found to affect Progress Flowmon web interfaces. Fortunately, Progress has released security updates to address this vulnerability. This vulnerability when exploited successfully can allow attackers unauthenticated remote access via API to execute arbitrary system commands. Recently, multiple proof-of-concepts exploits have been published for this vulnerability. The affected product versions are: Flowmon v12.x and Flowmon v11.x. But it does not affect versions 10.x and lower. It is highly advised for Firemon customers to immediately upgrade to one of the patched versions - v12.3.5 or 11.1.14, and then to upgrade all Flowmon modules. More information is available here: https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-044 Comments are closed.
|
Archives
June 2024
Categories
All
|
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED
|