Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212) – CRITICAL

2024-11-28

Progress Kemp LoadMaster suffers from a critical security vulnerability (CVE-2024-1212) that allows unauthenticated remote attackers to execute arbitrary commands on the system through the LoadMaster management interface. This grants them full control over the load balancer.

Required CVE Record Information

Description: Unauthenticated attackers can gain access to the system and execute commands, granting full control.

CVSS Score: 10.0 (CRITICAL)

CWE: 1

Credits: Rhino Security Labs

Platform: Progress Kemp LoadMaster
Version: All versions after 7.2.48.1 (including LoadMaster Multi-Tenant VFNs)
Vulnerability: Unauthenticated Command Injection
Severity: CRITICAL
Date: February 21, 2024

What Undercode Says:

This critical vulnerability in Progress Kemp LoadMaster allows attackers to take complete control of the affected system. It's crucial to patch your LoadMaster immediately by updating to version 7.2.48.10, 7.2.54.8, 7.2.59.2, or later to mitigate the risk.
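The following is an added example, not code from the original advisory or from Progress. It triages an inventory of LoadMaster versions against the affected range and fixed releases quoted above. The host names and version strings are constructed, and treating each fixed release as applying only within its own 7.2.x branch is an assumption.

```python
import re

# Values taken from the advisory text above.
AFFECTED_AFTER = (7, 2, 48, 1)  # "All versions after 7.2.48.1"
FIXED = [(7, 2, 48, 10), (7, 2, 54, 8), (7, 2, 59, 2)]

def parse_version(text):
    """Parse the leading 'A.B.C.D' of a version string into a 4-tuple of ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(version_text):
    """Return 'not-listed', 'patched' or 'vulnerable' for one version string."""
    v = parse_version(version_text)
    if v <= AFFECTED_AFTER:
        return "not-listed"  # at or before 7.2.48.1: outside the stated range
    if v >= max(FIXED):
        return "patched"     # newest fixed release "or later"
    # Assumption: an older fix only covers builds in its own A.B.C branch.
    for fix in FIXED:
        if v[:3] == fix[:3] and v >= fix:
            return "patched"
    return "vulnerable"

def triage(inventory):
    """Map each vulnerable host to the nearest fixed release above its version."""
    findings = {}
    for host, version_text in inventory.items():
        if classify(version_text) == "vulnerable":
            v = parse_version(version_text)
            target = min(f for f in FIXED if f > v)
            findings[host] = ".".join(map(str, target))
    return findings

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "lb-edge-01": "7.2.48.9",
    "lb-edge-02": "7.2.48.10",
    "lb-core-01": "7.2.56.3",
    "lb-lab-01": "7.2.48.1",
    "lb-dmz-01": "7.2.59.2",
}

if __name__ == "__main__":
    for host, target in sorted(triage(SAMPLE).items()):
        print(f"{host}: vulnerable, upgrade to {target} or later")
```
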

Additional Notes:

The vulnerability was discovered and reported by Rhino Security Labs.
CISA (Cybersecurity and Infrastructure Security Agency) has listed CVE-2024-1212 in its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation attempts.

Remember: This vulnerability is severe. Update your Kemp LoadMaster as soon as possible!

References:

Reported By: Cve.org