Unauthenticated Attackers Can Perform Actions Using SSH Private Keys
CVE-2024-3544

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Loadmaster
Vendor: CVE Published:; 2 May 2024

Summary

The vulnerability allows unauthenticated attackers to exploit SSH private keys when they have access to the same network as a machine within a High Availability (HA) or Cluster group. By simply knowing an IP address, attackers can perform unauthorized actions that could compromise the integrity and availability of the system. Kemp Technologies has addressed this issue by implementing enhanced security measures for LoadMaster partner communications. The update mandates a shared secret exchange between partners, ensuring secure communication and mitigating the risk of unauthorized access.

Affected Version(s)

LoadMaster LoadMaster 7.2.55.0 (GA)

LoadMaster LoadMaster 7.2.55.0 (GA) < 7.2.59.4

LoadMaster LoadMaster 7.2.49.0 (LTSF) < 7.2.54.10

References

https://kemptechnologies.com/

product

https://support.kemptechnologies.com/hc/en-us/articles/25...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Apr 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Agenzia per la Cybersicurezza Nazionale (ACN)