Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
CVE-2024-7591 
Key Information:
- Vendor: Progress
- Status
- Vendor
- CVE Published: 5 September 2024
What is CVE-2024-7591?
CVE-2024-7591 affects the Progress LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. It allows attackers to remotely execute commands on the device and carries a maximum severity rating. The flaw is categorized as improper input validation and can be exploited through a specially crafted HTTP request, enabling unauthenticated, remote attackers to access the management interface of LoadMaster and execute arbitrary system commands. The vulnerability impacts several versions of the software, and Progress Software has released an emergency fix to address it. While there have been no reports of active exploitation, all LoadMaster users are advised to install the add-on and implement the recommended security hardening measures.
Affected Version(s)
LoadMaster 7.2.40.0 < 7.2.60.1
News Articles
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.
LoadMaster Vulnerability CVE-2024-7591: Update Required (The Cyber Express)
The LoadMaster vulnerability CVE-2024-7591 exposes systems to command execution. Download the critical patch now to mitigate any potential exploits.
Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products (Hackread)
Progress Software has released an emergency patch for a critical 10/10 severity vulnerability (CVE-2024-7591) in its LoadMaster products.
EPSS Score
28% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by TheCyberThrone
- Vulnerability published
