// For flags

CVE-2024-1212

Progress Kemp LoadMaster OS Command Injection Vulnerability

Severity Score

10.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema.

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.

*Credits: Rhino Security Labs
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-02-02 CVE Reserved
  • 2024-02-21 CVE Published
  • 2024-03-19 First Exploit
  • 2024-11-18 Exploited in Wild
  • 2024-11-19 CVE Updated
  • 2024-11-20 EPSS Updated
  • 2024-12-09 KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
  • CAPEC-88: OS Command Injection
  • CAPEC-113: Interface Manipulation
  • CAPEC-115: Authentication Bypass
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Progress Software
Search vendor "Progress Software"
LoadMaster
Search vendor "Progress Software" for product "LoadMaster"
>= 7.2.48.1 < 7.2.48.10
Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.48.1 < 7.2.48.10"
en
Affected
Progress Software
Search vendor "Progress Software"
LoadMaster
Search vendor "Progress Software" for product "LoadMaster"
>= 7.2.54.0 < 7.2.54.8
Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.54.0 < 7.2.54.8"
en
Affected
Progress Software
Search vendor "Progress Software"
LoadMaster
Search vendor "Progress Software" for product "LoadMaster"
>= 7.2.55.0 < 7.2.59.2
Search vendor "Progress Software" for product "LoadMaster" and version " >= 7.2.55.0 < 7.2.59.2"
en
Affected