Critical Vulnerability in Progress Kemp products - 20240223001

Overview

The WA SOC has been made aware of a critical vulnerability in Progress Kemp products that allows unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a crafted API command that will allow execution of arbitrary system commands. This also impacts Progress Kemp’s ECS Connection Manager Product.

What is vulnerable?

| Product(s) Affected | CVE | Severity | CVSS |
|---|---|---|---|
| Progress Kemp LoadMaster version from 7.2.48.1 before 7.2.48.10 | CVE-2024-1212 | Critical | 10.0 |
| Progress Kemp LoadMaster version from 7.2.54.0 before 7.2.54.8 | CVE-2024-1212 | Critical | 10.0 |
| Progress Kemp LoadMaster version from 7.2.55.0 before 7.2.59.2 | CVE-2024-1212 | Critical | 10.0 |
| ECS Content Manager version before 7.2.59.2 | CVE-2024-1212 | Critical | 10.0 |
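
One way to triage a device inventory against the version ranges listed above. This is an added example, not code from the WA SOC or Progress Kemp; the inventory format, the product keys `loadmaster` and `ecs`, and the host names are constructed. Versions are compared numerically per field, because a plain string comparison would rank 7.2.48.9 above 7.2.48.10 and misclassify it.

```python
import csv
import io

# Ranges transcribed from the advisory table: (product key, first affected
# version or None for "any earlier version", first fixed version).
AFFECTED = [
    ("loadmaster", (7, 2, 48, 1), (7, 2, 48, 10)),
    ("loadmaster", (7, 2, 54, 0), (7, 2, 54, 8)),
    ("loadmaster", (7, 2, 55, 0), (7, 2, 59, 2)),
    ("ecs", None, (7, 2, 59, 2)),
]

def parse_version(text):
    """Return the first four dotted fields as ints (assumption: any
    trailing build fields can be ignored); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) < 4 or not all(p.isdigit() for p in parts[:4]):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts[:4])

def classify(product, version_text):
    """Return 'affected', 'not-listed' (outside the ranges on this page)
    or 'unknown' (version could not be parsed; review manually)."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    for name, low, fixed in AFFECTED:
        in_range = (low is None or version >= low) and version < fixed
        if name == product.strip().lower() and in_range:
            return "affected"
    return "not-listed"

def triage(inventory_csv):
    """Map each host in a host,product,version CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

# Constructed sample inventory (not real hosts).
SAMPLE = """host,product,version
lb-01,loadmaster,7.2.48.9
lb-02,loadmaster,7.2.48.10
lb-03,loadmaster,7.2.59.1
lb-04,loadmaster,7.2.59.2
ecs-01,ecs,7.2.58.0
lb-05,loadmaster,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
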

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month (refer to Patch Management).

  • https://support.kemptechnologies.com/hc/en-us/articles/23901649582477-ECS-Connection-Manager-Security-Vulnerability-CVE-2024-1212

Additional References