CVE-2024-3544

EUVD-2024-32130
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
progressloadmaster
𝑥
< 7.2.48.11
progressloadmaster
7.2.49.0 ≤
𝑥
< 7.2.54.10
progressloadmaster
7.2.55.0 ≤
𝑥
< 7.2.59.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
kemptechnologiesloadmaster
7.2.55.0\(ga\) ≤
𝑥
< 7.2.59.4
ADP
kemptechnologiesloadmaster
7.2.49.0\(ltsf\) ≤
𝑥
< 7.2.54.10
ADP
kemptechnologiesloadmaster
7.2.48.11\(lts\) ≤
𝑥
< 7.2.48.12
ADP
Common Weakness Enumeration
References
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543