Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
CVE-2024-7591
Key Information:
- Vendor
- Progress
- Status
- Loadmaster
- Vendor
- CVE Published:
- 5 September 2024
Badges
Summary
The vulnerability CVE-2024-7591 affects Progress LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. It allows attackers to remotely execute commands on the device, posing a maximum severity risk. The flaw is categorized as an improper input validation problem and can be exploited through a specially crafted HTTP request, enabling unauthenticated, remote attackers to access the management interface of LoadMaster and execute arbitrary system commands. The vulnerability impacts several versions of the software, and an emergency fix has been released by Progress Software to address the issue. While there have been no reports of active exploitation, all LoadMaster users are advised to install the add-on and implement recommended security hardening measures.
Affected Version(s)
LoadMaster 7.2.40.0 < 7.2.60.1
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.
3 months ago
LoadMaster Vulnerability CVE-2024-7591: Update Required
The LoadMaster vulnerability CVE-2024-7591 exposes systems to command execution. Download the critical patch now to mitigate any potential exploits.
5 months ago
Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products
Progress Software has released an emergency patch for a critical 10/10 severity vulnerability (CVE-2024-7591) in its LoadMaster products.
5 months ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by TheCyberThrone
Vulnerability published