090502237 - Kemp.LoadMaster.verify_perms.Code.Injection
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in Kemp LoadMaster.
The vulnerability is due to insufficient sanitization of user-supplied input. An attacker can exploit this issue to inject arbitrary code, which is then executed on the target user's system.
Outbreak Alert
FortiGuard network sensors detect attack attempts targeting Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks.
Affected Products
Kemp LoadMaster and LoadMaster Multi-Tenant from 7.2.48.1 prior to 7.2.48.10
Kemp LoadMaster and LoadMaster Multi-Tenant from 7.2.54.0 prior to 7.2.54.8
Kemp LoadMaster and LoadMaster Multi-Tenant from 7.2.55.0 prior to 7.2.59.2
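The following is an added example, not part of the original advisory or vendor tooling: a Python check that triages an inventory of LoadMaster firmware versions against the three ranges listed above. Fields are compared numerically, because a plain string comparison would sort 7.2.48.9 after 7.2.48.10 and miss an affected build. The hostnames and inventory values are constructed, and the four-field version format is an assumption taken from the versions shown on this page.

```python
# Added example: triage LoadMaster firmware versions against the ranges
# listed under "Affected Products" on this page.

# (first affected, first fixed) pairs copied from the page; upper bound is exclusive.
AFFECTED_RANGES = [
    ("7.2.48.1", "7.2.48.10"),
    ("7.2.54.0", "7.2.54.8"),
    ("7.2.55.0", "7.2.59.2"),
]

def parse_version(text):
    """Turn '7.2.48.10' into (7, 2, 48, 10) so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    """True if version falls in a range the page lists as affected."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map hostname -> 'affected' / 'not listed' / 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not listed"
        except ValueError:
            # Anything not in the assumed a.b.c.d form goes to manual review.
            result[host] = "unparseable"
    return result

# Constructed inventory (hostnames and versions are sample values).
SAMPLE_INVENTORY = {
    "lb-01": "7.2.48.9",    # inside the first range
    "lb-02": "7.2.48.10",   # first fixed build of that range
    "lb-03": "7.2.59.1",    # inside the third range
    "lb-04": "7.2.54.8",    # first fixed build of the second range
    "lb-05": "unknown",     # constructed malformed entry
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{verdict}")
```

A "not listed" verdict means only that the version is outside the ranges on this page; confirm the status of such builds against the vendor advisory.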
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-12-02 | 0.00389 | New | |