Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
CVE-2024-7591

10.0 CRITICAL

Key Information:

Vendor: Progress
Product: LoadMaster
CVE Published:
5 September 2024

Badges

👾 Exploit Exists, 📰 News Worthy

Summary

CVE-2024-7591 affects Progress LoadMaster and the LoadMaster Multi-Tenant (MT) Hypervisor. It is an improper input validation flaw (CWE-20) in the LoadMaster management interface that results in OS command injection: an unauthenticated remote attacker who can reach the management interface can send a specially crafted HTTP request and execute arbitrary system commands on the appliance. The flaw carries the maximum CVSS 3.1 score of 10.0. Progress Software released an emergency fix as an add-on package. At the time of disclosure there were no reports of active exploitation, but CISA has since added the CVE to its Known Exploited Vulnerabilities (KEV) catalog (see the news articles below), so unpatched, exposed management interfaces should be treated as at risk. All LoadMaster users are advised to install the add-on, restrict network access to the management interface, and apply the vendor's recommended security hardening measures.

Affected Version(s)

LoadMaster from 7.2.40.0 before 7.2.60.1
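A fleet-triage helper for the affected range above. This is an added example, not code from this page, from Progress, or from LoadMaster itself; it assumes the range notation means "7.2.40.0 inclusive up to, but not including, 7.2.60.1", that LoadMaster reports four-component dotted versions like 7.2.60.0, and that the inventory shown is constructed sample data. Because the fix ships as an add-on package rather than a new base version, a version check alone cannot prove the add-on is installed; the output is a triage hint, and hosts in range must be confirmed separately.

```python
from typing import Dict, List, Tuple

# Affected range as listed on this page. Read as lower bound inclusive,
# upper bound exclusive (assumption about the page's "a < b" notation).
AFFECTED_RANGES: Dict[str, Tuple[str, str]] = {
    "LoadMaster": ("7.2.40.0", "7.2.60.1"),
}

VERSION_COMPONENTS = 4  # assumption: LoadMaster versions are x.y.z.w


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '7.2.60.0' into a comparable tuple.

    Shorter strings are zero-padded so '7.2.60' compares equal to '7.2.60.0';
    anything non-numeric is rejected rather than silently ordered wrong.
    """
    s = s.strip()
    if not s:
        raise ValueError("empty version string")
    parts: List[int] = []
    for piece in s.split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric component {piece!r} in {s!r}")
        parts.append(int(piece))
    if len(parts) > VERSION_COMPONENTS:
        raise ValueError(f"too many components in {s!r}")
    parts.extend([0] * (VERSION_COMPONENTS - len(parts)))
    return tuple(parts)


def is_affected(product: str, version: str) -> bool:
    """True when version lies in [lower, upper) for the product's listed range."""
    lower, upper = AFFECTED_RANGES[product]
    v = parse_version(version)
    return parse_version(lower) <= v < parse_version(upper)


def triage(inventory: List[Dict[str, str]]) -> Dict[str, str]:
    """Classify each host as 'in-range', 'out-of-range' or 'unparseable'.

    'in-range' means the base version is inside the affected range; it does
    NOT prove the add-on fix is missing, so such hosts still need a manual
    check for the installed add-on package.
    """
    result: Dict[str, str] = {}
    for host in inventory:
        try:
            hit = is_affected(host["product"], host["version"])
        except (ValueError, KeyError):
            result[host["name"]] = "unparseable"
            continue
        result[host["name"]] = "in-range" if hit else "out-of-range"
    return result


# Constructed sample inventory (hostnames and versions invented for the demo).
SAMPLE_INVENTORY = [
    {"name": "lb-edge-01", "product": "LoadMaster", "version": "7.2.60.0"},
    {"name": "lb-edge-02", "product": "LoadMaster", "version": "7.2.60.1"},
    {"name": "lb-lab-01", "product": "LoadMaster", "version": "7.2.39.9"},
    {"name": "lb-lab-02", "product": "LoadMaster", "version": "7.2.60"},
    {"name": "lb-bad", "product": "LoadMaster", "version": "7.2.x"},
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Run it as a script to print one line per host; in a real sweep, replace SAMPLE_INVENTORY with versions pulled from each appliance's management interface and follow up on every `in-range` host by confirming the add-on is present.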

News Articles

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.

2 months ago

LoadMaster Vulnerability CVE-2024-7591: Update Required

The LoadMaster vulnerability CVE-2024-7591 exposes systems to command execution. Download the critical patch now to mitigate any potential exploits.

4 months ago

Progress Software discloses maximum severity LoadMaster flaw – here’s what you need to know

The RCE flaw primarily affects Progress Software’s LoadMaster and LoadMaster Multi-Tenant hypervisor software

4 months ago

References

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Score: 10.0
Severity: CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by TheCyberThrone
  • Vulnerability published

Collectors

NVD Database, MITRE Database, 6 News Article(s)

Credit

Florian Grunow - ERNW
Marius Walter - ERNW