FastNetMon has successfully resolved two critical vulnerabilities in the Netflow and sFlow plugins of its product. The vulnerabilities were identified by an independent security researcher on December 12th, 2024, and have since been patched.
The vulnerabilities, discovered through fuzzing, could allow remote attackers to crash the FastNetMon daemon using specially crafted UDP packets. Upon receiving the report, FastNetMon replicated the issues in a lab environment and confirmed that all versions of the product were affected.
FastNetMon promptly addressed these vulnerabilities by pushing fixes for both the sFlow v5 and Netflow v9 plugins, removing the ability to exploit them. A full code review was also conducted, and additional logic was implemented to prevent similar issues from occurring in the future.
On December 16th, 2024, FastNetMon released an out-of-schedule security update, version 2.0.370, which included the security fixes. The company strongly recommends that all customers upgrade to this version as soon as possible. The upgrade guide can be found here.
FastNetMon remains committed to providing its customers with a secure and reliable DDoS solution. For more information, please contact our customer support at support@fastnetmon.com.