CVE-2024-2389

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 2, 2024

CWE ID 22

CWE ID 27

Summary

CVE-2024-2389 is a critical vulnerability affecting Flowmon versions prior to 11.1.14 and 12.3.5. This issue permits an unauthenticated user to inject operating system commands through the Flowmon management interface, granting them the ability to execute arbitrary system commands on the affected system. This represents a significant risk to system security and integrity. Successful exploitation of this vulnerability can lead to unauthorized access, data theft, or even system takeover. Users are strongly advised to upgrade to a patched version of Flowmon as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQMXwR
https://www.cve.org/CVERecord?id=CVE-2024-2389
https://nvd.nist.gov/vuln/detail/CVE-2024-2389

Back to Vulnerability Database

CVE-2024-2389

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations