CVE-2024-8755

Improper Input Validation (CWE-20)

Published: Oct 11, 2024 / Updated: 39d ago

CVSS 8.4 (High) / EPSS 0.04%

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:

Product: Affected Versions
LoadMaster: From 7.2.55.0 to 7.2.60.1 (inclusive); From 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions
ECS: All prior versions to 7.2.60.1 (inclusive)

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-8755

Oct 11, 2024 at 3:15 PM
First Article

Feedly found the first article mentioning CVE-2024-8755.

Oct 11, 2024 at 3:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 11, 2024 at 3:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 12, 2024 at 10:02 AM

Affected Systems

Kemptechnologies/loadmaster

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Security Bulletin 16 Oct 2024 - Cyber Security Agency of Singapore
https://nvd.nist.gov/vuln/detail/CVE-2024-9985. CVE-2024-47875, DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML ...
Update Sun Oct 13 14:25:38 UTC 2024
LoadMaster Security Vulnerability CVE-2024-8755 - Kemp Support
This article describes a LoadMaster security vulnerability that affects all current LoadMaster releases as well as the LoadMaster...
NA - CVE-2024-8755 - Improper Input Validation vulnerability of...
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: Product / Affected Versions: LoadMaster...
CVE-2024-8755
High Severity. Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: Product / Affected Versions: LoadMaster: From 7.2.55.0 to 7.2.60.1 (inclusive); From 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions. Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions. ECS: All prior versions to 7.2.60.1 (inclusive). Read more at https://www.tenable.com/cve/CVE-2024-8755

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability Impact: High
