Critical Vulnerability in Progress Kemp products - 20240223001¶
Overview¶
The WA SOC has been made aware of a critical vulnerability in Progress Kemp products that allows unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a crafted API command that will allow execution of arbitrary system commands. This also impacts Progress Kemp’s ECS Connection Manager Product.
What is vulnerable?¶
| Product(s) Affected | CVE | Severity | CVSS |
|---|---|---|---|
| Progress Kemp Loadmaster Version from 7.2.48.1 before 7.2.48.10 Progress Kemp Loadmaster Version from 7.2.54.0 before 7.2.54.8 Progress Kemp Loadmaster Version from 7.2.55.0 before 7.2.59.2 |
CVE-2024-1212 | Critical | 10.0 |
| ECS Content Manager Version before 7.2.59.2 | CVE-2024-1212 | Critical | 10.0 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month. (refer Patch Management)
- https://support.kemptechnologies.com/hc/en-us/articles/23901649582477-ECS-Connection-Manager-Security-Vulnerability-CVE-2024-1212