Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
Key Information
- Vendor: Progress
- Status
- Loadmaster
- Vendor
- CVE Published: 5 September 2024
Summary
The vulnerability CVE-2024-7591 affects Progress LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. It allows attackers to remotely execute commands on the device, posing a maximum severity risk. The flaw is categorized as an improper input validation problem and can be exploited through a specially crafted HTTP request, enabling unauthenticated, remote attackers to access the management interface of LoadMaster and execute arbitrary system commands. The vulnerability impacts several versions of the software, and an emergency fix has been released by Progress Software to address the issue. While there have been no reports of active exploitation, all LoadMaster users are advised to install the add-on and implement recommended security hardening measures.
Affected Version(s)
LoadMaster < 7.2.60.1
News Articles
Progress Software discloses maximum severity LoadMaster flaw – here’s what you need to know
The RCE flaw primarily affects Progress Software’s LoadMaster and LoadMaster Multi-Tenant hypervisor software
1 week ago
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.
1 week ago
CVSS V3.1
Timeline
Risk change from: null to: 10 - (CRITICAL)
First article discovered by BleepingComputer
Vulnerability published.