![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRiqRUWiDr_ZyYqYtVWRaW5oBJ95A9Rq08TrGE3d2aMRYekltNZH6CHJQLoFqWSD8Q00iRLVX-R_irXRijtykOYRl85Je1hCa89qNXkNlpx7KtBoxj4HwOi6V2wrrzxWvaQal-NH4LirEmkow-3BbuOxWMBU_qLAYMW3yeQLMDpeTJ3Co3rQz4wjXqD2Sr/s728-rw-e365/progress.png)
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that malicious actors could exploit to execute arbitrary system commands or download files from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical applications and websites.
The identified vulnerabilities are listed below –

- CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 (CVSS score: 8.4) – A set of improper input validation vulnerabilities that allows remote malicious actors who have access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request
- CVE-2024-56134 (CVSS score: 8.4) – An improper input validation vulnerability that can allow remote malicious actors who have access to the management interface of LoadMaster to download the contents of files on the system via a carefully crafted HTTP request
The following versions of the software are affected by the flaws –

- LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive) – Fixed in 7.2.61.0 (GA)
- LoadMaster versions from 7.2.49.0 to 7.2.54.12 (inclusive) – Fixed in 7.2.54.13 (LTSF)
- LoadMaster version 7.2.48.12 and prior – Upgrade to LTSF or GA
- Multi-Tenant LoadMaster version 7.1.35.12 and prior – Fixed in 7.1.35.13 (GA)
Progress Software noted that there is no evidence that any of the aforementioned vulnerabilities have been exploited in the wild. That said, it is essential for customers to apply the latest patches for optimal protection, as previously disclosed flaws have been exploited by threat actors in the past.
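
A version check against the affected ranges listed above, as an added example that is not part of the original article or any Progress Software tooling. The function names, the `not_listed` status, and the sample inventory (hostnames included) are constructed for illustration.

```python
"""Added example: triage LoadMaster firmware versions against the article's ranges."""

def parse_version(text):
    """Parse a four-part dotted version such as '7.2.60.1' into an int tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

# (lowest, highest) inclusive bounds and the remediation the article lists.
STANDARD_RANGES = [
    ("7.2.55.0", "7.2.60.1", "upgrade to 7.2.61.0 (GA)"),
    ("7.2.49.0", "7.2.54.12", "upgrade to 7.2.54.13 (LTSF)"),
    ("0.0.0.0", "7.2.48.12", "upgrade to LTSF or GA"),
]
MULTI_TENANT_RANGES = [
    ("0.0.0.0", "7.1.35.12", "upgrade to 7.1.35.13 (GA)"),
]

def triage(version, multi_tenant=False):
    """Return ('affected', remediation) or ('not_listed', None).

    'not_listed' only means the version is outside the ranges in the article;
    it is not a statement that the build is safe.
    """
    v = parse_version(version)
    ranges = MULTI_TENANT_RANGES if multi_tenant else STANDARD_RANGES
    for low, high, fix in ranges:
        # Tuple comparison is numeric per component, so 7.2.9.0 < 7.2.55.0.
        if parse_version(low) <= v <= parse_version(high):
            return ("affected", fix)
    return ("not_listed", None)

# Constructed inventory: (hostname, version, is_multi_tenant). Hostnames are made up.
SAMPLE_INVENTORY = [
    ("lm-edge-01", "7.2.60.1", False),
    ("lm-edge-02", "7.2.61.0", False),
    ("lm-ltsf-01", "7.2.54.12", False),
    ("lm-old-01", "7.2.48.4", False),
    ("lm-mt-01", "7.1.35.12", True),
]

def affected_hosts(inventory):
    """Return [(hostname, version, remediation)] for every affected entry."""
    results = [(h, v, triage(v, mt)) for h, v, mt in inventory]
    return [(h, v, fix) for h, v, (status, fix) in results if status == "affected"]

if __name__ == "__main__":
    for host, version, fix in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected, {fix}")
```
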