Critical Progress LoadMaster vulnerability: unauthenticated code execution

Read Time:1 Minute, 37 Second

A severe vulnerability (CVE-2024-7591) has been discovered in the Progress LoadMaster product line, including all releases and the Multi-Tenant (MT) hypervisor. This flaw allows unauthenticated remote attackers to execute arbitrary code on affected systems.

Understanding CVE-2024-7591

This vulnerability stems from improper input validation on the LoadMaster management interface. An attacker can exploit this by sending a crafted HTTP request that triggers the execution of arbitrary system commands. This flaw poses a significant security risk, as it could compromise the entire system. Affected Versions The vulnerability affects all versions of LoadMaster up to 7.2.60.0 and the Multi-Tenant Hypervisor up to 7.1.35.11.

Mitigation

Progress has released an add-on package to address this vulnerability. The patch sanitizes user input and prevents arbitrary command execution. It includes an XML validation file and is available for all affected LoadMaster versions, including those with expired support.

Installation Instructions

To install the patch:

  1. Download the add-on package.
  2. Navigate to System Configuration → System Administration → Update Software.
  3. Install the patch.

Additional Recommendations

In addition to applying the patch, Progress recommends following security hardening guidelines to further protect LoadMaster environments.

Customer Support

Progress provides technical support to all LoadMaster customers with a current support contract. Customers without an active support contract can contact their Sales Account Manager for assistance.

Importance of Security

This vulnerability highlights the importance of maintaining robust security protocols and staying informed about potential vulnerabilities. By addressing this issue promptly and implementing best practices, LoadMaster users can protect their systems from potential threats. Progress’s swift response underscores its commitment to customer security.

Conclusion

The discovery of CVE-2024-7591 serves as a reminder to remain vigilant and proactive in safeguarding digital assets. Progress’s prompt response and the availability of a patch demonstrate the importance of vendor support in mitigating vulnerabilities. By following recommended security measures and leveraging vendor support, organizations can enhance their overall cybersecurity posture.

Leave a Reply

Your email address will not be published. Required fields are marked *