CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation

CISA is warning organizations that CVE-2024-1212, a Progress Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks.

CISA this week warned organizations that it’s aware of attacks exploiting a vulnerability in Progress Software’s Kemp LoadMaster. 

The product, an application delivery controller (ADC) and load balancer, is affected by a critical vulnerability tracked as CVE-2024-1212, which CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. 
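Defenders tracking this advisory typically want to confirm the KEV listing and its remediation due date programmatically rather than by hand. The following Python script, added here as an illustration and not code from CISA, Progress or the article, parses a KEV catalog JSON document in the shape of CISA's public feed (top-level `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` fields). The embedded catalog is constructed sample data: its dates and the second entry are placeholders and are not taken from the real catalog.

```python
"""Check a CISA KEV catalog feed for a CVE, a vendor, and overdue entries.

Illustrative code, not the KEV feed's own tooling. The feed URL is CISA's
public JSON location; the field names follow its published schema. The
SAMPLE_KEV_JSON below is CONSTRUCTED for this example: dates and the
second entry are placeholders.
"""
import json
from dataclasses import dataclass
from datetime import date

# Real location of the public feed; this example does not fetch it.
KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/"
    "known_exploited_vulnerabilities.json"
)

# Constructed sample in the feed's shape (placeholder dates and notes).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-1212",
            "vendorProject": "Progress",
            "product": "Kemp LoadMaster",
            "vulnerabilityName": "Progress Kemp LoadMaster OS Command Injection Vulnerability",
            "dateAdded": "2024-01-01",      # placeholder, not the real date
            "shortDescription": "constructed sample entry",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-01-22",        # placeholder, not the real date
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2099-0001",       # fictitious placeholder entry
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Example Vulnerability",
            "dateAdded": "2024-01-15",
            "shortDescription": "constructed sample entry",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-02-05",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})


@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    name: str
    date_added: date
    due_date: date
    known_ransomware_use: str


def parse_kev(feed_json: str) -> list[KevEntry]:
    """Turn the feed's vulnerabilities array into typed entries."""
    data = json.loads(feed_json)
    entries = []
    for v in data["vulnerabilities"]:
        entries.append(KevEntry(
            cve_id=v["cveID"].upper(),
            vendor=v["vendorProject"],
            product=v["product"],
            name=v["vulnerabilityName"],
            date_added=date.fromisoformat(v["dateAdded"]),
            due_date=date.fromisoformat(v["dueDate"]),
            known_ransomware_use=v.get("knownRansomwareCampaignUse", "Unknown"),
        ))
    return entries


def is_listed(entries: list[KevEntry], cve_id: str) -> bool:
    """True if the CVE appears in the catalog (case-insensitive)."""
    return any(e.cve_id == cve_id.upper() for e in entries)


def entries_for_vendor(entries: list[KevEntry], vendor: str) -> list[KevEntry]:
    """All entries whose vendorProject contains the given name."""
    needle = vendor.casefold()
    return [e for e in entries if needle in e.vendor.casefold()]


def overdue(entries: list[KevEntry], today_iso: str) -> list[KevEntry]:
    """Entries whose BOD 22-01 due date has passed as of the given ISO date.

    The due date binds US federal civilian agencies; other organizations
    commonly reuse it as a remediation SLA.
    """
    today = date.fromisoformat(today_iso)
    return [e for e in entries if e.due_date < today]


if __name__ == "__main__":
    catalog = parse_kev(SAMPLE_KEV_JSON)
    print("CVE-2024-1212 listed:", is_listed(catalog, "CVE-2024-1212"))
    for e in entries_for_vendor(catalog, "Progress"):
        print(f"{e.cve_id} {e.product}: added {e.date_added}, due {e.due_date}")
    for e in overdue(catalog, "2024-02-01"):
        print("overdue as of 2024-02-01:", e.cve_id)
```

To run against the live catalog, replace `SAMPLE_KEV_JSON` with the body fetched from `KEV_FEED_URL`; the parsing and filtering functions are unchanged.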

The flaw has been described as an unauthenticated command injection issue affecting the Kemp LoadMaster web-based administration interface. An attacker can exploit the vulnerability to fully compromise a targeted appliance. 

Progress announced a patch for the vulnerability on February 7.

The flaw was discovered by Rhino Security Labs, which disclosed technical details on March 19, when it also made available a PoC exploit and a Metasploit module. Another exploitation path was made public in early April by Tenable. 

CISA has not released any information on the attacks exploiting CVE-2024-1212 and there do not appear to be any recent reports describing exploitation. 

However, SonicWall published a blog post on March 27, which mentioned that the company had seen thousands of attempts to exploit the vulnerability in late March.

SonicWall initially said it had “confirmed active exploitation”, but later updated its post to clarify that it had actually only seen exploitation attempts, not successful attacks. 

It’s unclear if CISA has added CVE-2024-1212 to its KEV catalog based on the old SonicWall report or if it has more recent information.

CISA previously warned organizations about other Progress product vulnerabilities being exploited in attacks, including ones affecting WhatsUp Gold and Telerik.

Related: Citrix, Cisco, Fortinet Zero-Days Among 2023's Most Exploited Vulnerabilities

Related: DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign 

Related: Organizations Warned of Exploited Fortinet FortiOS Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
