Severe OS Command Injection Vulnerability in Progress Kemp LoadMaster Actively Exploited

ISGroup Cybersecurity

This vulnerability in Progress Kemp LoadMaster is currently being actively exploited, as indicated by its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Exploitation of CVE-2024-1212 highlights the potential impact for organizations that have not yet applied the patch. Attackers exploiting this flaw could gain unauthorized access, execute commands on the underlying system, and compromise critical infrastructure.

ProductKemp LoadMaster
Date2024-11-19 16:59:28
Information
  • Fix Available
  • Active Exploitation

Technical Summary

CVE-2024-1212 is a critical OS command injection vulnerability affecting Progress Kemp LoadMaster. This flaw allows remote, unauthenticated attackers to execute arbitrary system commands via the LoadMaster management interface. The vulnerability, which has been assigned the maximum CVSS score of 10.0, represents a significant threat as it could lead to full system compromise, exposing sensitive data and disrupting operations.

Recommendations

Organizations using Progress Kemp LoadMaster should immediately apply the security patches released in February 2024 to mitigate this critical vulnerability.

[Callforaction-THREAT-Footer]