Home / Vulnerabilities / CVE-2024-1212
CRITICAL SEVERITY
CVE-2024-1212 Progress · Kemp LoadMaster

Progress Kemp LoadMaster OS Command Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
10 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

94.31 %
Predictive Probability
Percentile Rank
99.9 th

Documented as more likely to be exploited than 99.9% of known CVEs.

Detection Date

Nov 18, 2024

Remediation Due

Dec 09, 2024

CISA Catalog Active

Threat Analysis

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

External Intelligence

https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212

https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2024-1212