"Maximum Severity Flowmon Bug Has a Public Exploit, Patch Now"

Proof-of-concept (PoC) exploit code has been released for a severe security vulnerability in Progress Flowmon, a tool used to monitor network performance and support visibility. Progress Flowmon features performance tracking, diagnostics, and more. It is used by over 1,500 companies worldwide, including SEGA, KIA, TDK, Volkswagen, Orange, and Tietoevry. The security issue, discovered by researchers at Rhino Security Labs and tracked as CVE-2024-2389, has a maximum severity score of 10. An attacker can use a specially crafted Application Programming Interface (API) request to gain remote, unauthenticated access to the tool's web interface and execute arbitrary system commands. This article continues to discuss the potential exploitation and impact of the maximum-severity Flowmon bug.

Bleeping Computer reports "Maximum Severity Flowmon Bug Has a Public Exploit, Patch Now"

Submitted by grigby1

Submitted by Gregory Rigby on