Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

The flaw, tracked as CVE-2024-7591, is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.

However, the lack of user input sanitization could also allow the attacker to execute arbitrary system commands on vulnerable endpoints.

“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed,” reads the security bulletin.

“This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”

LoadMaster is an application delivery controller (ADC) and load balancing solution used by large organizations for optimizing app performance, managing network traffic, and ensuring high service availability.

The MT Hypervisor is a version of LoadMaster designed for multi-tenant environments, allowing multiple virtual network functions to run on the same hardware.

CVE-2024-7591 was found to impact LoadMaster version 7.2.60.0 and all previous versions, and also the MT Hypervisor version 7.1.35.11 and all prior releases. Long-Term Support (LTS) and Long-Term Support with Feature (LTSF) branches are also impacted.

To fix the flaw, Progress released an add-on package that can be installed on any of the vulnerable versions, including older releases, so there’s no target versions to upgrade to in order to address the risk from this vulnerability.

However, the patch does not apply to the free version of LoadMaster, so CVE-2024-7591 remains a problem there.

Progress Software says it has not received any reports of active exploitation for the vulnerability as of the publication of its bulletin.

Nevertheless, all LoadMaster users are recommended to take the appropriate action to secure their environment against this possibility, including installing the add-on and also implementing the vendor-recommended security hardening measures.

Bill Toulas

Leave a Comment Cancel Reply

London, GB

2:45 am, Jan 24, 2025

9°C

L: 9° | H: 10°

Feels like 6°C° overcast clouds

Humidity: 91 %

Pressure: 996 mb

Wind: 14 mph WSW

Wind Gust: 24 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 100%

Rain Chance: 0%

Visibility: 6 km

Sunrise: 7:49 am

Sunset: 4:35 pm

DailyHourly

Daily ForecastHourly Forecast

Today 9:00 pm

9° | 10°°C 1 mm 100% 24 mph 91 % 1002 mb 0 mm/h

Tomorrow 9:00 pm

3° | 5°°C 1 mm 100% 11 mph 90 % 1010 mb 0 mm/h

Sun Jan 26 9:00 pm

2° | 7°°C 1 mm 100% 15 mph 97 % 1009 mb 0 mm/h

Mon Jan 27 9:00 pm

6° | 8°°C 1 mm 100% 12 mph 98 % 991 mb 0 mm/h

Tue Jan 28 9:00 pm

5° | 7°°C 1 mm 100% 15 mph 92 % 999 mb 0 mm/h

Today 3:00 am

9° | 10°°C 0.83 mm 83% 22 mph 91 % 996 mb 0 mm/h

Today 6:00 am

9° | 10°°C 1 mm 100% 24 mph 89 % 995 mb 0 mm/h

Today 9:00 am

10° | 11°°C 1 mm 100% 15 mph 85 % 994 mb 0 mm/h

Today 12:00 pm

9° | 9°°C 0.8 mm 80% 17 mph 60 % 997 mb 0 mm/h

Today 3:00 pm

8° | 8°°C 0 mm 0% 13 mph 50 % 999 mb 0 mm/h

Today 6:00 pm

7° | 7°°C 0 mm 0% 9 mph 56 % 1002 mb 0 mm/h

Today 9:00 pm

6° | 6°°C 0 mm 0% 5 mph 63 % 1002 mb 0 mm/h

Tomorrow 12:00 am

5° | 5°°C 0 mm 0% 4 mph 68 % 1000 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€99,159.01	0.87%
Ethereum(ETH)	€3,172.44	2.68%
XRP(XRP)	€2.95	-2.23%
Tether(USDT)	€0.96	0.06%
Solana(SOL)	€239.70	0.62%
USDC(USDC)	€0.96	0.00%
Dogecoin(DOGE)	€0.331925	-2.26%
Shiba Inu(SHIB)	€0.000019	-1.63%
Pepe(PEPE)	€0.000014	-0.42%
Peanut the Squirrel(PNUT)	€0.333452	-4.27%

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us