CVE-2023-26101

7.5 HIGH

📋 TL;DR

This path traversal vulnerability in Progress Flowmon Packet Investigator allows authenticated users to access arbitrary files on the local filesystem. It affects Flowmon Packet Investigator versions before 12.1.0. Users with access to the Packet Investigator interface can exploit this to read sensitive system files.

💻 Affected Systems

Products:
  • Progress Flowmon Packet Investigator
Versions: All versions before 12.1.0
Operating Systems: Flowmon appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user access to Flowmon Packet Investigator interface. Applies to Flowmon appliances running vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files, credentials, or system files, potentially leading to full system compromise through credential theft or privilege escalation.

🟠 Likely Case

Authenticated users reading configuration files, logs, or other sensitive data stored on the filesystem.

🟢 If Mitigated

Limited file access within user permissions, but still unauthorized access to files outside intended directories.

🌐 Internet-Facing: MEDIUM - Requires authentication but could be exploited if interface is exposed to internet.
🏢 Internal Only: HIGH - Internal users with legitimate access could abuse this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to Flowmon Packet Investigator. Path traversal vulnerabilities are typically straightforward to exploit once identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.1.0

Vendor Advisory: https://support.kemptechnologies.com/hc/en-us/articles/12737582619789

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Upgrade Flowmon Packet Investigator to version 12.1.0 or later.
3. Restart the Flowmon appliance.
4. Verify the upgrade was successful.

🔧 Temporary Workarounds

Restrict user access

all

Limit access to Flowmon Packet Investigator interface to only necessary users

Network segmentation

all

Isolate Flowmon appliance network to prevent unauthorized access

🧯 If You Can't Patch

  • Implement strict access controls and monitor user activity on Flowmon Packet Investigator
  • Deploy file integrity monitoring on critical system files

🔍 How to Verify

Check if Vulnerable:

Check Flowmon Packet Investigator version in administration interface or via CLI: show version

Check Version:

show version

Verify Fix Applied:

Confirm the version is 12.1.0 or later and test that path traversal attempts are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Flowmon logs
  • Multiple failed path traversal attempts

Network Indicators:

  • Unusual HTTP requests with directory traversal patterns to Flowmon interface

SIEM Query:

source="flowmon" AND (http_uri="*../*" OR http_uri="*..\\*" OR http_uri="*%2e%2e%2f*")
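
One way to run the traversal check from the SIEM query above over exported web logs, as an added example (not Flowmon or vendor code): it percent-decodes each request target until stable before looking for a `..` path segment, so mixed-encoded, double-encoded and backslash variants are flagged as well. The log layout, the `/example/view` path and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines; the log layout (combined access-log style) and the
# /example/... paths are assumptions, not taken from Flowmon.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Mar/2023:10:01:02 +0000] "GET /example/view?name=capture01.pcap HTTP/1.1" 200 512
10.0.0.7 - bob [12/Mar/2023:10:02:10 +0000] "GET /example/view?name=../../etc/hosts HTTP/1.1" 200 158
10.0.0.7 - bob [12/Mar/2023:10:02:11 +0000] "GET /example/view?name=%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 403 0
10.0.0.7 - bob [12/Mar/2023:10:02:12 +0000] "GET /example/view?name=%252e%252e%252fetc%252fhosts HTTP/1.1" 403 0
10.0.0.7 - bob [12/Mar/2023:10:02:13 +0000] "GET /example/view?name=..%5c..%5cetc%5chosts HTTP/1.1" 403 0
10.0.0.9 - carol [12/Mar/2023:10:03:00 +0000] "GET /example/view?name=report..final.pcap HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# ".." as a whole path segment, bounded by a separator or the string ends.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/=?&;])\.\.(?:[/?&;]|$)')

def normalize(target, max_rounds=3):
    """Percent-decode until stable (catches double encoding), unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def find_traversal(log_text):
    """Return (source_ip, user, status, normalized_target) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, user, _method, target, status = m.groups()
        norm = normalize(target)
        if DOTDOT_SEGMENT.search(norm):
            hits.append((ip, user, int(status), norm))
    return hits

if __name__ == "__main__":
    for ip, user, status, target in find_traversal(SAMPLE_LOG):
        print(f"{ip} {user} status={status} {target}")
```

A flagged request that returned 200 deserves review before the blocked ones, since the response status is the only hint in the log that file content may have been served.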
