Progress fixes critical vulnerability in Flowmon network monitoring product
Take action: If you are using Progress Flowmon 11 or 12, check if the management interface is isolated and accessible only from trusted networks. Then patch ASAP. If your Flowmon must be accessible from the internet, wake up all engineers and start patching NOW.
Progress has identified a critical vulnerability in its Flowmon network monitoring software, tracked as CVE-2024-2389 (CVSS score 10).
The vulnerability exposes the software to a risk of OS command injection where unauthorized individuals could execute arbitrary system commands via the Flowmon management interface, potentially leading to full control over the affected system's network infrastructure.
The affected versions of Flowmon include all releases within the 11.x and 12.x series.
Versions preceding 11.0, specifically those in the 10.x series and earlier, are not impacted by this flaw.
Users of the affected versions are strongly advised to promptly update to the latest releases to mitigate the risk associated with CVE-2024-2389.