The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster.
The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed through an update released on February 21, 2024. However, this is the first report of it being under active exploitation in the wild.
“Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system via the LoadMaster management interface, enabling arbitrary system command execution,” reads the flaw’s description.
CVE-2024-1212 (CVSS v3.1 score: 10.0, “critical”) impacts LoadMaster versions 7.2.48.1 before 7.2.48.10, 7.2.54.0 before 7.2.54.8, and 7.2.55.0 before 7.2.59.2.
LoadMaster is an application delivery controller (ADC) and load-balancing solution used by large organizations to optimize app performance, manage network traffic, and ensure high service availability.
CISA orders federal organizations using the product to apply the available updates and mitigations by December 9, 2024, or stop using it.
No details about the active exploitation activity have been revealed at this time, and the status of its exploitation in ransomware campaigns is marked as unknown.
The other two flaws CISA added to KEV are CVE-2024-0012 and CVE-2024-9474, an authentication bypass and an OS command injection flaw respectively, impacting the Palo Alto Networks PAN-OS management interface.
Progress Software recently fixed another maximum-severity flaw in LoadMaster products that allows remote attackers to execute arbitrary commands on the system.
Identified as CVE-2024-7591, the flaw is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.
CVE-2024-7591 impacts LoadMaster version 7.2.60.0 and all earlier versions, as well as MT Hypervisor version 7.1.35.11 and all prior releases.
That said, system administrators looking to upgrade to a safe version should move to a release that addresses both maximum-severity flaws in LoadMaster, even if active exploitation of CVE-2024-7591 has not been observed yet.
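As an added example (not code from Progress, Kemp, CISA or the article's author), the following Python script encodes the affected-version ranges quoted above for CVE-2024-1212 and CVE-2024-7591 and checks an inventory of builds against them. The product keys (`loadmaster`, `mt-hypervisor`) and the sample inventory are constructed for the example; the ranges come only from the version statements in the article, and for CVE-2024-7591 the check is "this version and all prior", since the article names no fixed build. The output shows why the last paragraph matters: a build on 7.2.59.2 is past the CVE-2024-1212 fix but still inside the CVE-2024-7591 range.

```python
# Added example (not Progress/Kemp or CISA code): decide whether an installed
# LoadMaster or MT Hypervisor build falls inside the affected version ranges
# quoted in the article for CVE-2024-1212 and CVE-2024-7591.

from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn a dotted build string such as '7.2.48.3' into a comparable tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def in_range(version: Version, first: str, fixed: str) -> bool:
    """True when first <= version < fixed (the fixed build itself is not affected)."""
    return parse_version(first) <= version < parse_version(fixed)


# CVE-2024-1212: three LoadMaster branches, each fixed in the named build.
CVE_2024_1212_RANGES: List[Tuple[str, str]] = [
    ("7.2.48.1", "7.2.48.10"),
    ("7.2.54.0", "7.2.54.8"),
    ("7.2.55.0", "7.2.59.2"),
]

# CVE-2024-7591: "this version and all earlier", per product.
# Product keys are assumed names for this example.
CVE_2024_7591_LAST_AFFECTED: Dict[str, str] = {
    "loadmaster": "7.2.60.0",
    "mt-hypervisor": "7.1.35.11",
}


def affected_by_cve_2024_1212(product: str, version: str) -> bool:
    """The article lists LoadMaster builds only for this CVE."""
    if product != "loadmaster":
        return False
    v = parse_version(version)
    return any(in_range(v, first, fixed) for first, fixed in CVE_2024_1212_RANGES)


def affected_by_cve_2024_7591(product: str, version: str) -> bool:
    """Affected when the build is at or below the last affected version."""
    last = CVE_2024_7591_LAST_AFFECTED.get(product)
    if last is None:
        return False
    return parse_version(version) <= parse_version(last)


def assess(product: str, version: str) -> Dict[str, bool]:
    """Report which of the two CVEs still applies to the given build."""
    return {
        "CVE-2024-1212": affected_by_cve_2024_1212(product, version),
        "CVE-2024-7591": affected_by_cve_2024_7591(product, version),
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("lb-edge-01", "loadmaster", "7.2.48.3"),
        ("lb-edge-02", "loadmaster", "7.2.59.2"),
        ("lb-dc-01", "loadmaster", "7.2.60.0"),
        ("mt-01", "mt-hypervisor", "7.1.35.11"),
    ]
    for host, product, version in inventory:
        print(host, product, version, assess(product, version))
```

Version tuples compare element by element, so a shorter string such as `7.2.48` sorts below `7.2.48.1` and is treated as outside the first CVE-2024-1212 branch; feed the script the full four-part build string as reported by the appliance to avoid that edge case.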