CVE-2024-1212

EUVD-2024-16979
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
progressloadmaster
7.2.48.1 ≤
𝑥
< 7.2.48.10
progressloadmaster
7.2.54.0 ≤
𝑥
< 7.2.54.8
progressloadmaster
7.2.55.0 ≤
𝑥
< 7.2.59.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
kemptechnologiesloadmaster
7.2.48.1 ≤
𝑥
< 7.2.48.10
ADP
kemptechnologiesloadmaster
7.2.54.0 ≤
𝑥
< 7.2.54.8
ADP
kemptechnologiesloadmaster
7.2.55.0 ≤
𝑥
< 7.2.59.2
ADP
kemptechnologiesloadmaster
7.2.48.1 ≤
𝑥
< 7.2.48.10
ADP
kemptechnologiesloadmaster
7.2.54.0 ≤
𝑥
< 7.2.54.8
ADP
kemptechnologiesloadmaster
7.2.55.0 ≤
𝑥
< 7.2.59.2
ADP
kemptechnologiesloadmaster
7.2.48.1 ≤
𝑥
< 7.2.48.10
ADP
kemptechnologiesloadmaster
7.2.54.0 ≤
𝑥
< 7.2.54.8
ADP
kemptechnologiesloadmaster
7.2.55.0 ≤
𝑥
< 7.2.59.2
ADP
Common Weakness Enumeration
References
https://freeloadbalancer.com/
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
https://freeloadbalancer.com/
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212