LoadMaster Cross-Site Request Forgery Vulnerability
CVE-2024-2449
7.5HIGH
What is CVE-2024-2449?
A cross-site request forgery vulnerability has been discovered in LoadMaster, a leading application delivery controller from Kemp Technologies. This flaw permits a malicious actor to exploit the knowledge of an authenticated LoadMaster administrator's IP address or hostname, redirecting them to a malicious third-party site. Once on the site, the CSRF payload could initiate unauthorized HTTP transactions on behalf of the administrator without their consent. Proper measures and best practices are essential to mitigate this type of attack and protect sensitive information.
Affected Version(s)
LoadMaster 7.2.55.0
LoadMaster 7.2.55.0 < 7.2.59.3 ( LoadMaster GA)
LoadMaster 7.2.49.0 < 7.2.54.9 ( LoadMaster LTSF)