CISA warns of actively exploited critical flaws in Progress Kemp LoadMaster
Take action: This was expected - a perfect 10 flaw will be exploited. If you are using Progress Kemp LoadMaster, isolate it behind secure network access and patch ASAP. You are being attacked. Don't wait.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a critical alert regarding actively exploited vulnerabilities in Progress Kemp LoadMaster, an application delivery controller (ADC) and load-balancing solution used by large organizations for optimizing app performance and managing network traffic.
A patch for CVE-2024-1212 was released in February 2024.
- CVE-2024-1212 (CVSS score 10) - OS Command Injection Vulnerability. This is the primary critical vulnerability; it allows unauthenticated remote attackers to execute arbitrary system commands.
  - Affects:
    - LoadMaster versions 7.2.48.1 before 7.2.48.10
    - LoadMaster versions 7.2.54.0 before 7.2.54.8
    - LoadMaster versions 7.2.55.0 before 7.2.59.2
- CVE-2024-7591 (CVSS score 7.2) - OS Command Injection Vulnerability. This is the secondary vulnerability, chained to CVE-2024-1212.
  - Affects:
    - LoadMaster version 7.2.60.0 and all previous versions
    - MT Hypervisor version 7.1.35.11 and all prior releases
CISA has directed federal organizations to apply available updates by December 9, 2024, or discontinue using the product. System administrators are advised to upgrade to versions that address both vulnerabilities.
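To triage an inventory against the ranges listed above, the following added example (not vendor or CISA code) compares versions numerically, since a plain string comparison would wrongly rank 7.2.48.10 below 7.2.48.9. It assumes four-part dotted version strings; the function names, product labels and sample hosts are constructed for illustration.

```python
import re

# Affected ranges as listed above: (product, CVE, low inclusive or None, high, high inclusive?)
AFFECTED = [
    ("LoadMaster", "CVE-2024-1212", (7, 2, 48, 1), (7, 2, 48, 10), False),
    ("LoadMaster", "CVE-2024-1212", (7, 2, 54, 0), (7, 2, 54, 8), False),
    ("LoadMaster", "CVE-2024-1212", (7, 2, 55, 0), (7, 2, 59, 2), False),
    ("LoadMaster", "CVE-2024-7591", None, (7, 2, 60, 0), True),
    ("MT Hypervisor", "CVE-2024-7591", None, (7, 1, 35, 11), True),
]

def parse_version(text):
    """Turn '7.2.48.10' into (7, 2, 48, 10); reject anything else (assumed format)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def affected_cves(product, version):
    """Return the sorted CVE ids from the list above that apply to this version."""
    v = parse_version(version)
    hits = set()
    for prod, cve, low, high, high_inclusive in AFFECTED:
        if prod != product or (low is not None and v < low):
            continue
        if v < high or (high_inclusive and v == high):
            hits.add(cve)
    return sorted(hits)

def triage(inventory):
    """Map each (host, product, version) row to the CVEs that apply to it."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = affected_cves(product, version)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]  # flag for manual review
    return report

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = [
    ("lb-01", "LoadMaster", "7.2.48.9"), ("lb-02", "LoadMaster", "7.2.48.10"),
    ("lb-03", "LoadMaster", "7.2.59.1"), ("lb-04", "LoadMaster", "7.2.60.1"),
    ("mt-01", "MT Hypervisor", "7.1.35.11"), ("lb-05", "LoadMaster", "unknown"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        print(host, ", ".join(cves) or "not in the listed ranges")
```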