CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.

The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first report of it being under active exploitation in the wild.

“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description.

CVE-2024-1212 (CVSS v3.1 score: 10.0, “critical”) impacts LoadMaster versions 7.2.48.1 before 7.2.48.10, 7.2.54.0 before 7.2.54.8, and 7.2.55.0 before 7.2.59.2.

LoadMaster is an application delivery controller (ADC) and load-balancing solution used by large organizations to optimize app performance, manage network traffic, and ensure high service availability.

CISA orders federal organizations using the product to apply the available updates and mitigations until December 9, 2024, or stop using it.

No details about the active exploitation activity have been published at this time, and the status of its exploitation in ransomware campaigns is marked as unknown.

The other two flaws CISA added to KEV are CVE-2024-0012 and CVE-2024-9474, authentication bypass and OS command injection flaws respectively, impacting Palo Alto Networks PAN-OS Management Interface.

Progress Software recently fixed another max severity flaw in LoadMaster products that allows remote attackers to execute arbitrary commands on the device.

Identified as CVE-2024-7591, the flaw is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.

CVE-2024-7591 impacts LoadMaster version 7.2.60.0 and all previous versions, as well as MT Hypervisor version 7.1.35.11 and all prior releases.

That said, system administrators looking to upgrade to a safe version should move to a release that addresses both maximum severity flaws in LoadMaster, even if active exploitation for CVE-2024-7591 has not been observed yet.

Bill Toulas

Kommentar verfassen Kommentieren abbrechen

London, GB

12:12 Uhr, Feb. 4, 2025

7°C

L: 5° | H: 7°

Fühlt sich an wie 4°C° broken clouds

Luftfeuchtigkeit: 93 %

Druck: 1024 mb

Wind: 8 mph SW

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 75%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 7:34 am

Sonnenuntergang: 4:54 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 9:00 pm

5° | 7°°C 0.2 mm 20% 15 mph 95 % 1026 mb 0 mm/h

Tomorrow 9:00 pm

4° | 8°°C 0 mm 0% 9 mph 86 % 1045 mb 0 mm/h

Do. Feb. 06 9:00 pm

2° | 8°°C 0 mm 0% 9 mph 86 % 1046 mb 0 mm/h

Fr. Feb. 07 9:00 pm

2° | 6°°C 0 mm 0% 12 mph 92 % 1041 mb 0 mm/h

Sa. Feb. 08 9:00 pm

1° | 4°°C 0.35 mm 35% 10 mph 89 % 1030 mb 0.15 mm/h

Today 3:00 am

5° | 6°°C 0 mm 0% 6 mph 92 % 1024 mb 0 mm/h

Today 6:00 am

6° | 6°°C 0 mm 0% 9 mph 95 % 1023 mb 0 mm/h

Today 9:00 am

7° | 7°°C 0 mm 0% 11 mph 91 % 1022 mb 0 mm/h

Today 12:00 pm

10° | 10°°C 0 mm 0% 13 mph 75 % 1022 mb 0 mm/h

Today 3:00 pm

9° | 9°°C 0 mm 0% 15 mph 76 % 1021 mb 0 mm/h

Today 6:00 pm

10° | 10°°C 0.2 mm 20% 12 mph 88 % 1022 mb 0 mm/h

Today 9:00 pm

8° | 8°°C 0.2 mm 20% 10 mph 74 % 1026 mb 0 mm/h

Tomorrow 12:00 am

6° | 6°°C 0 mm 0% 9 mph 82 % 1030 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€98,319.49	4.71%
Ethereum(ETH)	€2,787.65	1.16%
XRP(XRP)	€2.63	7.34%
Fesseln(USDT)	€0.97	0.13%
Solana(SOL)	€210.11	7.57%
USDC(USDC)	€0.97	0.00%
Dogecoin(DOGE)	€0.276355	8.43%
Shiba Inu(SHIB)	€0.000016	10.16%
Pepe(PEPE)	€0.000011	4.62%

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns