Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection

CVE-2024-7591
10CRITICAL

Key Information

Vendor
Progress
Status
Loadmaster
Vendor
CVE Published:
5 September 2024

Badges

đź“° News Worthy

Summary

The vulnerability CVE-2024-7591 affects Progress LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. It allows attackers to remotely execute commands on the device, posing a maximum severity risk. The flaw is categorized as an improper input validation problem and can be exploited through a specially crafted HTTP request, enabling unauthenticated, remote attackers to access the management interface of LoadMaster and execute arbitrary system commands. The vulnerability impacts several versions of the software, and an emergency fix has been released by Progress Software to address the issue. While there have been no reports of active exploitation, all LoadMaster users are advised to install the add-on and implement recommended security hardening measures.

Affected Version(s)

LoadMaster < 7.2.60.1

News Articles

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Risk change from: null to: 10 - (CRITICAL)

  • First article discovered by BleepingComputer

  • Vulnerability published.

Collectors

NVD DatabaseMitre Database2 News Article(s)

Credit

Florian Grunow - ERNW
Marius Walter - ERNW
.