Critical 10/10 Severity RCE Vulnerability Identified in Progress LoadMaster

September 8, 2024

Progress Software has urgently addressed a critical vulnerability, rated 10/10 in severity, that affects its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. This flaw, identified as CVE-2024-7591, allows potential attackers to remotely execute commands on the device.

The vulnerability is a result of improper input validation, which permits an unauthenticated, remote attacker to gain access to the LoadMaster’s management interface using a specially crafted HTTP request. The lack of sanitization of user input could also enable the attacker to execute arbitrary system commands on vulnerable endpoints. The security bulletin states, "It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed." The issue has been resolved by sanitizing user input to prevent the execution of arbitrary system commands.

LoadMaster is an application delivery controller (ADC) and load balancing solution used by large organizations for managing network traffic, optimizing application performance, and ensuring high service availability. The MT Hypervisor is a variant of LoadMaster designed for multi-tenant environments, allowing multiple virtual network functions to operate on the same hardware.

CVE-2024-7591 affects LoadMaster version 7.2.60.0 and all previous versions, as well as the MT Hypervisor version 7.1.35.11 and all prior releases. Both Long-Term Support (LTS) and Long-Term Support with Feature (LTSF) branches are impacted. To rectify the flaw, Progress has introduced an add-on package that can be installed on any of the vulnerable versions, including older releases. However, this patch does not apply to the free version of LoadMaster, leaving CVE-2024-7591 as a persistent issue there.

According to its bulletin, Progress Software has not yet received any reports of active exploitation of the vulnerability. However, all LoadMaster users are advised to take the necessary steps to secure their environment against potential exploitation, including installing the add-on and implementing the vendor-recommended security hardening measures.
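As an added example (not code from Progress or from the bulletin), the following sketch triages an appliance inventory against the affected ranges and remediation notes given above. The inventory record, its field names, the status labels and the sample hosts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Highest affected versions as stated in the article; all earlier versions are also affected.
LAST_AFFECTED = {
    "LoadMaster": (7, 2, 60, 0),
    "MT Hypervisor": (7, 1, 35, 11),
}

@dataclass
class Appliance:                  # hypothetical inventory record
    name: str
    product: str                  # "LoadMaster" or "MT Hypervisor"
    version: str                  # dotted version string, e.g. "7.2.59.0"
    free_edition: bool = False
    addon_installed: bool = False

def parse_version(text):
    """Compare on the first four numeric components; pad short forms with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:4]]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(a):
    ceiling = LAST_AFFECTED.get(a.product)
    if ceiling is None:
        return "unknown-product"
    try:
        version = parse_version(a.version)
    except ValueError:
        return "unparseable-version"          # review by hand, do not assume safe
    if version > ceiling:
        return "outside-listed-range"
    if a.free_edition:
        return "affected-no-addon-available"  # article: add-on does not apply to the free version
    if a.addon_installed:
        return "addon-installed"
    return "affected-install-addon"

def report(inventory):
    return {a.name: triage(a) for a in inventory}

# Constructed sample inventory, not real hosts.
INVENTORY = [
    Appliance("lm-edge-01", "LoadMaster", "7.2.60.0"),
    Appliance("lm-edge-02", "LoadMaster", "7.2.54.8", addon_installed=True),
    Appliance("lm-lab-01", "LoadMaster", "7.2.59.0", free_edition=True),
    Appliance("mt-core-01", "MT Hypervisor", "7.1.35.11"),
    Appliance("lm-new-01", "LoadMaster", "7.2.60.1"),
    Appliance("lm-old-01", "LoadMaster", "unknown"),
]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:12} {status}")
```

Free-edition appliances and entries whose version cannot be parsed need manual follow-up, since neither can be closed out by installing the add-on.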
