10 matches found
Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Flowmon Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...
Progress Flowmon Local sudo privilege escalation
This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...
Flowmon Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)
The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is, therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory. - Unauthenticated, remote attackers can gain access to the web interface o...
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
The post CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon appeared first on Rhino Security Labs...
CVE-2024-2389
creationtimestamp| type| source ---|---|--- 2024-04-05 12:00:07+00:00| seen| https://t.me/truesecator/5605 2024-04-09 20:45:42+00:00| seen| https://t.me/arpsyndicate/4419 2024-04-22 18:50:45+00:00| seen| https://t.me/arpsyndicate/4733 2024-04-25 04:35:58+00:00| published-proof-of-concept|...
CVE-2024-2389
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...