Outbreak Alert

Progress Kemp LoadMaster OS Command Injection Vulnerability

Released: Nov 20, 2024

Kemp LoadMaster OS Command Injection Vulnerability Tags

High Severity

Progress Vendor

Watch Video

Application load balancer actively targeted

FortiGuard network sensors detect attack attempts targeting the Progress Kemp LoadMaster. Successful exploitation of the CVE-2024-1212 vulnerability allows unauthenticated remote attackers to access the system through the management interface, potentially leading to data breaches, service disruptions, or further attacks Learn More »

Common Vulnerabilities and Exposures

Background

Kemp LoadMaster is an application delivery controller (ADC) and load balancing solution designed to optimize the performance, availability, and security of applications by distributing incoming network traffic across multiple servers or resources.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Fortinet customers remain protected through the Intrusion Prevention Service (IPS) and advises organizations to apply the latest security updates to fully mitigate any risks. To review other available protections, see the Solutions Tab.

November 18, 2024: CISA added Progress Kemp LoadMaster OS Command Injection to Vulnerability to Known Exploited Vulnerabilitites Catalog (KEV).
March 19, 2024: Rhino published details on vulnerability
https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/

Attack Sequence

Actions taken by cyber attacker or a malicious entity to compromise a target system or network.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Lure
Decoy VM
IPS
Web App Security

DETECT

IOC
Outbreak Detection
Threat Hunting

RESPOND

Automated Response
Assisted Response Services

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Vulnerability Management
Attack Surface Monitoring (Inside & Outside)
Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

References

Sources of information in support and relation to this Outbreak and vendor.

Medium

Learn More »

Bleeping Computer

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Outbreak Alert

Progress Kemp LoadMaster OS Command Injection Vulnerability

Application load balancer actively targeted

Common Vulnerabilities and Exposures

Background

Real-Time Threat Map

Latest Development

Attack Sequence

FortiGuard Cybersecurity Framework

Threat Intelligence

References

Medium

Bleeping Computer

About FortiGuard Outbreak Alerts

Threat Intelligence
Center