CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress Kemp LoadMaster, a popular load balancing and application delivery solution.

Designated as CVE-2024-1212, the vulnerability allows remote, unauthenticated attackers to execute arbitrary commands on affected systems, posing a severe threat to organizations relying on the product for network management.

CVE-2024-1212: Progress Kemp LoadMaster OS Command Injection Vulnerability

According to CISA, the vulnerability, which is related to CWE-78 (Improper Neutralization of Special Elements used in an OS Command), stems from improper input sanitization in the LoadMaster management interface.

This flaw enables attackers to inject operating system commands that can be executed with elevated privileges.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Given the nature of the vulnerability, attackers can take full control of compromised systems, potentially leading to further attacks, data ...