#Progress #Software fixed multiple high-severity #LoadMaster flaws
https://securityaffairs.com/174103/security/progress-software-loadmaster-software-flaws.html
#securityaffairs
#BSI WID-SEC-2025-0282: [NEW] [high] #Kemp #LoadMaster: Multiple vulnerabilities
An attacker from an adjacent network can exploit multiple vulnerabilities in Kemp LoadMaster to execute arbitrary program code or disclose information.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0282
Progress Kemp #LoadMaster contains an OS Command #Injection #vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution (CVE-2024-1212):
https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html
U.S. #CISA adds #Progress #Kemp #LoadMaster, #Palo #Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/171168/security/u-s-cisa-progress-kemp-loadmaster-palo-alto-networks-pan-os-and-expedition-bugs-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
#BSI WID-SEC-2024-3151: [NEW] [medium] #Kemp #LoadMaster: Vulnerability allows command injection
A remote, authenticated attacker can exploit a vulnerability in Kemp LoadMaster to execute arbitrary system commands.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3151
#BSI WID-SEC-2024-2137: [NEW] [high] #Kemp #LoadMaster: Vulnerability allows code execution
An attacker from an adjacent network can exploit a vulnerability in Kemp LoadMaster to execute arbitrary program code.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2137
#Progress Software fixed a maximum severity flaw in #LoadMaster
https://securityaffairs.com/168192/uncategorized/progress-software-emergency-loadmaster-flaw.html
#securityaffairs #hacking
#BSI WID-SEC-2024-2041: [NEW] [high] #Kemp #LoadMaster: Vulnerability allows execution of arbitrary commands
A remote, anonymous attacker can exploit a vulnerability in Kemp LoadMaster to execute arbitrary system commands.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2041
#BSI WID-SEC-2024-1895: [NEW] [medium] #Kemp #LoadMaster: Vulnerability allows denial of service
A remote, anonymous attacker can exploit a vulnerability in Kemp LoadMaster to carry out a denial-of-service attack.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1895
Rhino Security Labs disclosed vulnerability details and proofs of concept for CVE-2024-2448 (8.4 high) authenticated command injection and CVE-2024-2449* (7.5 high) Cross-Site Request Forgery (CSRF) protection bypass in Progress Kemp Loadmaster. The CSRF could be combined with the command injection and leveraged to execute commands on LoadMaster load balancers by targeting a user of the administration web user interface (WUI). h/t @buherator https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/
#CVE_2024_2448 #CVE_2024_2449 #Progress #Loadmaster #vulnerability #proofofconcept
SonicWall alleges that CVE-2024-1212 (CVSS: 10.0 critical, disclosed 08 February 2024 by Progress) is being exploited in the wild. "SonicWall sensors have confirmed active exploitation of these vulnerabilities." https://blog.sonicwall.com/en-us/2024/03/progress-kemp-loadmaster-unauthenticated-command-injection-vulnerability/
EDIT: SonicWall took down the blog post as of 1300 US Eastern 28 March 2024.
#CVE_2024_1212 #eitw #activeexploitation #vulnerability #Kemp #LoadMaster #Progress
Rhino Security Labs, submitters of CVE-2024-1212 (CVSS: 10.0 critical, disclosed 08 February 2024 by Progress) unauthenticated Command Injection in Progress Kemp LoadMaster, released vulnerability details and a Proof of Concept. https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/ H/T @buherator
#CVE_2024_1212 #vulnerability #progress #loadmaster #proofofconcept #POC