Now-patched safety flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come underneath lively exploitation within the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added CVE-2024-1212 (CVSS rating: 10.0), a maximum-severity safety vulnerability in Progress Kemp LoadMaster to its Identified Exploited Vulnerabilities (KEV) catalog. It was addressed by Progress Software program again in February 2024.
“Progress Kemp LoadMaster accommodates an OS command injection vulnerability that permits an unauthenticated, distant attacker to entry the system by way of the LoadMaster administration interface, enabling arbitrary system command execution,” the company mentioned.
Rhino Safety Labs, which found and reported the flaw, mentioned profitable exploitation permits command execution on LoadMaster ought to an attacker have entry to the administrator internet person interface, granting them full entry to the load balancer.
CISA’s addition of CVE-2024-1212 coincides with a warning from Broadcom that attackers at the moment are exploiting two safety flaws within the VMware vCenter Server, which had been demonstrated on the Matrix Cup cybersecurity competitors held in China earlier this yr.
The failings, CVE-2024-38812 (CVSS rating: 9.8) and CVE-2024-38813 (CVSS rating: 7.5), had been initially resolved in September 2024, though the corporate rolled out fixes for the previous a second-time final month, stating the earlier patches “didn’t absolutely deal with” the issue.
- CVE-2024-38812 – A heap-overflow vulnerability within the implementation of the DCERPC protocol that might allow a malicious actor with community entry to acquire distant code execution
- CVE-2024-38813 – A privilege escalation vulnerability that might allow a malicious actor with community entry to escalate privileges to root
Whereas there are at the moment no particulars on the noticed exploitation of those vulnerabilities in real-world assaults, CISA is recommending that Federal Civilian Government Department (FCEB) businesses remediate CVE-2024-1212 by December 9, 2024, to safe their networks.
The event comes days after Sophos revealed that cybercrime actors are actively weaponizing a important flaw in Veeam Backup & Replication (CVE-2024-40711, CVSS rating: 9.8) to deploy a beforehand undocumented ransomware known as Frag.