CVE-2024-2389 – Flowmon Unauthenticated Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2024-2389

02 Apr 2024 — In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. En las versiones de Flowmon anteriores a la 11.1.14 y 12.3.5, se identificó una vulnerabilidad de inyección de comandos del sistema operativo. Un usuario no autenticado puede acceder al sistema a través de la interfaz de administración de Flo... • https://packetstorm.news/files/id/178849 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •