Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193948);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/30");

  script_cve_id("CVE-2024-2389");

  script_name(english:"Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is,
therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory.

  - Unauthenticated, remote attackers can gain access to the web interface of
    Flowmon to issue a carefully crafted API command that will allow arbitrary
    system commands to be executed without authentication.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e092451");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Progress Kemp Flowmon version 11.1.14, 12.3.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2389");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Flowmon Unauthenticated Command Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:progress:flowmon_packet_investigator");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:progress:flowmon_os");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("progress_kemp_flowmon_detect.nbin");
  script_require_ports("Services/www", 80, 443, 8080);

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:'Progress Kemp Flowmon', port:port, webapp:TRUE);

# 11.x < 11.1.14, 12.x < 12.3.5
var constraints = [
  { 'min_version' : '11.0', 'fixed_version' : '11.1.14' },
  { 'min_version' : '12.0', 'fixed_version' : '12.3.5' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);