Maximum severity Flowmon bug has a public exploit, patch now

April 24, 2024 at 04:12PM

Proof-of-concept exploit code for a critical security vulnerability in Progress Flowmon, used by over 1,500 companies worldwide, including SEGA and Volkswagen, has been released. The flaw, with a severity score of 10/10, allows remote unauthenticated access and arbitrary command execution. Progress Software urged all system admins to update to versions 12.3.4 and 11.1.14 immediately.

Key Takeaways from the Meeting Notes:

1. Progress Flowmon, a network performance monitoring tool, is affected by a top-severity security vulnerability with a maximum severity score of 10/10 (CVE-2024-2389) which can be exploited to gain remote, unauthenticated access and execute arbitrary system commands.

2. The vulnerability impacts versions v12.x and v11.x of the product. Progress Software, the developer, has released security updates (v12.3.4 and 11.1.14) and encouraged system admins to upgrade to the latest releases.

3. Researchers at Rhino Security Labs have released proof-of-concept exploit code and demonstrated how an attacker could exploit the vulnerability to plant a webshell and escalate privileges to root using command injection.

4. Italy’s CSIRT issued an alert about the availability of an exploit for CVE-2024-2389, and it has been confirmed that there are over 500 Flowmon servers exposed online.

5. Progress Software has assured customers that there are no reports of active exploitation, but upgrading to a secure version as soon as possible is critical.
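The practical action behind takeaways 2 through 4 is inventory triage: list every Flowmon instance, compare its version against the fixed releases named above, and put internet-exposed vulnerable hosts at the top of the patch queue. The script below is an added example, not code from the article or from Progress Software; it encodes only what the article states (affected branches 12.x and 11.x, fixed in 12.3.4 and 11.1.14), treats any other major branch as "unknown" rather than guessing, and the inventory rows are constructed sample data.

```python
"""Triage helper: flag Progress Flowmon installs still affected by CVE-2024-2389.

Added example (not from the article or from Progress Software). The only facts
encoded are the ones the article gives: branches 12.x and 11.x are affected,
and the fixed releases are 12.3.4 and 11.1.14. Inventory rows are constructed.
"""
from typing import Dict, List, Tuple

# Fixed release per affected major branch, as stated in the article.
FIXED_VERSIONS: Dict[int, Tuple[int, int, int]] = {
    12: (12, 3, 4),
    11: (11, 1, 14),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v12.3.1' or '12.3.1' into (12, 3, 1) so tuples compare numerically."""
    cleaned = text.strip().lower().lstrip("v")
    parts = cleaned.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def pad(version: Tuple[int, ...], width: int = 3) -> Tuple[int, ...]:
    """Right-pad with zeros so '12.3' compares as 12.3.0 (below 12.3.4)."""
    return version + (0,) * (width - len(version))


def assess(version: str) -> str:
    """Return 'vulnerable', 'patched', or 'unknown' for one reported version."""
    v = pad(parse_version(version))
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        # Branch not named in the article's summary: verify with the vendor
        # instead of assuming it is safe.
        return "unknown"
    return "patched" if v >= fixed else "vulnerable"


# Constructed inventory: (hostname, reported version, reachable from the internet?)
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("flowmon-dc1", "v12.3.1", True),
    ("flowmon-dc2", "12.3.4", False),
    ("flowmon-lab", "v11.1.9", True),
    ("flowmon-old", "11.1.14", False),
    ("flowmon-x", "10.5.2", False),
]

# Lower number sorts first: exposed+vulnerable, then vulnerable, unknown, patched.
_PRIORITY = {("vulnerable", True): 0, ("vulnerable", False): 1}


def triage(inventory: List[Tuple[str, str, bool]]) -> List[Tuple[str, str, str, bool]]:
    """Return (host, version, status, exposed) rows, most urgent first."""
    rows = []
    for host, ver, exposed in inventory:
        status = assess(ver)
        if status == "vulnerable":
            priority = _PRIORITY[(status, exposed)]
        elif status == "unknown":
            priority = 2
        else:
            priority = 3
        rows.append((priority, host, ver, status, exposed))
    rows.sort()
    return [(h, v, s, e) for _, h, v, s, e in rows]


if __name__ == "__main__":
    for host, ver, status, exposed in triage(SAMPLE_INVENTORY):
        flag = "EXPOSED" if exposed else ""
        print(f"{host:<12} {ver:<9} {status:<11} {flag}")
```

Feed it the version strings from your asset inventory or a management console export; the "unknown" bucket is deliberate, so that an unexpected branch prompts a vendor check rather than being silently marked safe.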

These takeaways highlight the critical nature of the security vulnerability in Progress Flowmon and the importance of promptly addressing it by upgrading to the latest secure versions provided by Progress Software. Additionally, organizations using Flowmon should be mindful of the availability of exploit code and the exposure of their servers on the public web.
