CVE-2024-1212 (CVSS 10): Unauthenticated Takeover Threat in Progress Kemp LoadMaster
A critical security vulnerability has been disclosed in Progress Kemp LoadMaster, leaving your network infrastructure at grave risk. Rhino Security Labs uncovered the flaw (CVE-2024-1212, CVSS 10), an unauthenticated remote code execution that allows attackers to take over the system completely.
Affected Systems
CVE-2024-1212 affects a broad swath of the Progress Kemp LoadMaster offerings. All releases after 7.2.48.1, including the specialized LoadMaster Multi-Tenant (MT) VFNs and the standalone ECS Connection Manager (ECS CM) releases, are affected. The flaw gives unauthenticated, remote attackers the potential to manipulate the management interface of LoadMaster.
Impact of Exploitation
Successful exploitation of this vulnerability could lead to a complete compromise of the affected LoadMaster system. Attackers may exfiltrate sensitive data, deploy ransomware, disrupt critical operations, or utilize the compromised system as a pivot point for further attacks within the network.
“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication. This is therefore regarded as a critical security issue,” Progress wrote in its security advisory.
Mitigation
Progress has released security patches to address this vulnerability. Organizations using affected LoadMaster versions must apply the following patches immediately:
Apply these patches to all affected systems immediately. If patching cannot be done quickly, take the following interim measures:
- Restrict Management Access: Use firewalls and access control lists (ACLs) to limit who can connect to the LoadMaster’s management interface.
- Network Monitoring: Closely monitor network logs for signs of attempted exploitation.