CVE-2024-1212
Progress Kemp LoadMaster OS Command Injection Vulnerability
CVSS
10.0
Crítico
EPSS
95.4%
p100
KEV
SÍ
18 nov 2024
Exploit Today
80
0-100
Publicado: 21 feb 2024 · Última mod.: 13 jul 2026 · CWE-78
Producto
Progress / Kemp LoadMaster
Vulnerabilidad
Progress Kemp LoadMaster OS Command Injection Vulnerability
Añadido a KEV
18 nov 2024
Remediar antes de
9 dic 2024
Uso conocido en ransomware
No
Descripción resumida
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
- freeloadbalancer.comhttps://freeloadbalancer.com/
- kemptechnologies.comhttps://kemptechnologies.com/
- support.kemptechnologies.comhttps://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
- support.kemptechnologies.comhttps://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
- freeloadbalancer.comhttps://freeloadbalancer.com/
- kemptechnologies.comhttps://kemptechnologies.com/
- support.kemptechnologies.comhttps://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
- support.kemptechnologies.comhttps://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
- www.cisa.govhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212