Progress Software program has addressed a number of high-severity safety flaws in its LoadMaster software program that could possibly be exploited by malicious actors to execute arbitrary system instructions or obtain any file from the system.
Kemp LoadMaster is a high-performance utility supply controller (ADC) and cargo balancer that gives availability, scalability, efficiency, and safety for business-critical functions and web sites.
The recognized vulnerabilities are listed beneath –
- CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 (CVSS scores: 8.4) – A set of improper enter validation vulnerabilities that permits distant malicious actors who achieve entry to the administration interface of LoadMaster and efficiently authenticate to execute arbitrary system instructions by way of a rigorously crafted HTTP request
- CVE-2024-56134 (CVSS rating: 8.4) – An improper enter validation vulnerability that permits distant malicious actors who achieve entry to the administration interface of LoadMaster and efficiently authenticate to obtain the content material of any file on the system by way of a rigorously crafted HTTP request
The next variations of the software program are affected by the failings –
- LoadMaster variations from 7.2.55.0 to 7.2.60.1 (inclusive) - Mounted in 7.2.61.0 (GA)
- LoadMaster variations from 7.2.49.0 to 7.2.54.12 (inclusive) – Mounted in 7.2.54.13 (LTSF)
- LoadMaster model 7.2.48.12 and prior – Improve to LTSF or GA
- Multi-Tenant LoadMaster model 7.1.35.12 and prior – Mounted in 7.1.35.13 (GA)
Progress Software program famous that it has no proof that any of the aforementioned vulnerabilities have been exploited within the wild. That stated, with beforehand disclosed flaws weaponized by risk actors previously, it is important that prospects apply the most recent patches for optimum safety.