CVE-2024-1212 - Progress Kemp LoadMaster OS Command Injection Vulnerability
Project:Progress
Product:Kemp LoadMaster
Date Added:2024-11-18Due Date:2024-12-09
Vulnerability Name
Progress Kemp LoadMaster OS Command Injection Vulnerability
Description
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
https://nvd.nist.gov/vuln/detail/CVE-2024-1212
Related News Articles
CISA tags Progress Kemp LoadMaster flaw as exploited in attacksNovember 20, 2024