Progress Software Releases Security Advisory for LoadMaster

A critical vulnerability could lead to arbitrary command execution

Threat ID:: CC-4546
Threat Severity:: Medium
Published:: 9 September 2024 2:38 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A critical vulnerability could lead to arbitrary command execution

Affected platforms

The following platforms are known to be affected:

Progress LoadMaster

LoadMaster | 7.2.60.0 and earlier

Multi-Tenant Hypervisor | 7.1.35.11 and earlier

Multi-Tenant LoadMaster is also affected

Threat details

Introduction

Progress has released a security advisory addressing one critical vulnerability affecting all LoadMaster products.

CVE-2024-7591 has a CVSSv3 score of 10.0 and could allow an unauthenticated, remote attacker with access to the management interface to issue a carefully crafted HTTP request that will allow execution of arbitrary system commands. Progress LoadMaster is an application delivery controller (ADC) and load balancer.

Remediation advice

Affected organisations are encouraged to review the Progress advisory LoadMaster Security Vulnerability CVE-2024-7591 and apply the applicable add-on packages.

Definitive source of threat updates

https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591

CVE Vulnerabilities

Status Published

CVE-2024-7591

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

Last edited: 9 September 2024 2:38 pm