FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-7591

Improper Input Validation (CWE-20)

Published: Sep 5, 2024 / Updated: 2mo ago

010
CVSS 7.2EPSS 0.04%High
CVE info copied to clipboard

Summary

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This vulnerability affects LoadMaster versions 7.2.40.0 and above, all versions of ECS, and Multi-Tenancy versions 7.1.35.4 and above. The issue allows unauthenticated remote attackers to access the management interface of LoadMaster. By sending a specially crafted HTTP request, attackers can execute arbitrary system commands.

Impact

The impact of this vulnerability is severe. Attackers can gain unauthorized access to the management interface of LoadMaster and execute arbitrary system commands. This could potentially lead to complete system compromise, data theft, service disruption, or use of the compromised system as a pivot point for further attacks in the network. The vulnerability has a CVSS v3.1 base score of 7.2, indicating a high severity level with high impacts on confidentiality, integrity, and availability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Progress Kemp has released security updates as of August 19, 2024. The patch is provided as an add-on package that can be installed on any version of LoadMaster, even if support for the device has expired. The add-on can be downloaded from a link provided by the manufacturer and installed according to instructions in their Knowledge Base article.

Mitigation

1. Immediately update affected products with the provided security add-on. 2. For Multi-Tenant LoadMaster (LoadMaster MT): - Patch individual instantiated LoadMaster VNFs as soon as possible. - Patch the MT-Hypervisor or Manager node as quickly as possible. 3. Install the add-on package even on devices with expired support. 4. Monitor systems for any signs of unauthorized access or unusual activity. 5. Consider implementing additional network segmentation to limit potential access to the management interface.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-7591. See article

Aug 20, 2024 at 12:52 PM / Günter Born
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 20, 2024 at 12:52 PM
CVE Assignment

NVD published the first details for CVE-2024-7591

Sep 5, 2024 at 6:15 PM
CVSS

A CVSS base score of 10 has been assigned.

Sep 5, 2024 at 6:21 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 6, 2024 at 11:02 AM
Trending

This CVE started to trend in security discussions

Sep 9, 2024 at 4:49 PM
Trending

This CVE stopped trending in security discussions

Sep 12, 2024 at 7:08 PM
CVSS

A CVSS base score of 7.2 has been assigned.

Sep 19, 2024 at 6:20 PM / nvd
Static CVE Timeline Graph

Affected Systems

Kemptechnologies/loadmaster
+null more

Patches

support.kemptechnologies.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

References

Progress Kemp - LoadMaster Security Vulnerability
NCSC-FI vulnerabilities summary 2024-09-09 / 2mo
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0, CVEs: CVE-2024-7591, Summary: This article describes a LoadMaster security vulnerability that affects all LoadMaster releases as well as the LoadMaster Multi-Tenant (MT) hypervisor. Please see CVE-2024-7591 for the official description. We have not received any reports that this vulnerability has been exploited and we are not aware of any direct impact to customers. Nevertheless, we are encouraging all customers to upgrade their LoadMaster implementations as soon as possible to harden their environment.

News

CISA Identifies Actively Exploited Vulnerability in Progress Kemp LoadMaster
Newswires - VULNERA / 4h
Progress Software recently addressed another maximum severity flaw in LoadMaster products that allows remote attackers to execute arbitrary commands on the device. The flaw allows an unauthenticated, remote attacker to access the system via the LoadMaster management interface, enabling arbitrary system command execution.
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
unSafe.sh - 不安全 / 5h
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. “Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description .
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
unSafe.sh - 不安全 / 5h
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. “Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description .
💻 CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
Dragon Security Threat Intelligence Feed / 6h
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. “Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description .
CISA tags new Progress Kemp LoadMaster flaw as exploited in attacks
BleepingComputer / 7h
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. “Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description .
See 74 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.2(51562)CWE-20(11385)CWE-78(3977)Kemptechnologies(11)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial