CVE-2024-1212
Progress Kemp LoadMaster OS Command Injection Vulnerability
Severity Score
10.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema.
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.
*Credits:
Rhino Security Labs
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-02 CVE Reserved
- 2024-02-21 CVE Published
- 2024-03-19 First Exploit
- 2024-11-18 Exploited in Wild
- 2024-11-19 CVE Updated
- 2024-11-20 EPSS Updated
- 2024-12-09 KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
- CAPEC-88: OS Command Injection
- CAPEC-113: Interface Manipulation
- CAPEC-115: Authentication Bypass
References (9)
URL | Date | SRC |
---|---|---|
https://github.com/Chocapikk/CVE-2024-1212 | 2024-03-19 | |
https://github.com/MuhammadWaseem29/CVE-2024-1212 | 2024-09-04 | |
https://github.com/nak000/CVE-2024-1212 | 2024-09-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Software Search vendor "Progress Software" | LoadMaster Search vendor "Progress Software" for product "LoadMaster" | >= 7.2.48.1 < 7.2.48.10 Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.48.1 < 7.2.48.10" | en |
Affected
| ||||||
Progress Software Search vendor "Progress Software" | LoadMaster Search vendor "Progress Software" for product "LoadMaster" | >= 7.2.54.0 < 7.2.54.8 Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.54.0 < 7.2.54.8" | en |
Affected
| ||||||
Progress Software Search vendor "Progress Software" | LoadMaster Search vendor "Progress Software" for product "LoadMaster" | >= 7.2.55.0 < 7.2.59.2 Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.55.0 < 7.2.59.2" | en |
Affected
|