LoadMaster Cross-Site Request Forgery Vulnerability
CVE-2024-2449

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Loadmaster
Vendor: CVE Published:; 22 March 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2024-2449?

A cross-site request forgery vulnerability has been discovered in LoadMaster, a leading application delivery controller from Kemp Technologies. This flaw permits a malicious actor to exploit the knowledge of an authenticated LoadMaster administrator's IP address or hostname, redirecting them to a malicious third-party site. Once on the site, the CSRF payload could initiate unauthorized HTTP transactions on behalf of the administrator without their consent. Proper measures and best practices are essential to mitigate this type of attack and protect sensitive information.

Affected Version(s)

LoadMaster 7.2.55.0

LoadMaster 7.2.55.0 < 7.2.59.3 ( LoadMaster GA)

LoadMaster 7.2.49.0 < 7.2.54.9 ( LoadMaster LTSF)

References

https://progress.com/loadmaster

product

https://support.kemptechnologies.com/hc/en-us/articles/25...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Mar 14, 2024

Credit

Rhino Security Labs - David Yesland

JSON