CVE-2024-2389

{"id": "CVE-2024-2389", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2024-04-02T13:15:51.693", "references": [{"url": "https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability", "source": "security@progress.com"}, {"url": "https://www.flowmon.com", "source": "security@progress.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.\u00a0 An unauthenticated user\u00a0can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n\n"}], "lastModified": "2024-04-02T18:12:16.283", "sourceIdentifier": "security@progress.com"}