Progress LoadMaster susceptible to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

The flaw, tracked as CVE-2024-7591, is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster's management interface using a specially crafted HTTP request.

However, the lack of user input sanitization could also allow the attacker to execute arbitrary system commands on vulnerable endpoints.

"It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted HTTP request that will allow arbitrary system commands to be executed," reads the security bulletin.

"This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system command execution."
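The bulletin describes the bug class (untrusted HTTP request input reaching a system command) and the fix class (input sanitization) without giving details of the affected code. The following is an added, constructed example that is not LoadMaster's code and does not reflect its internals: a hypothetical management endpoint that runs a network diagnostic against a hostname taken from a query parameter, shown first in the unsafe form where the input is interpolated into a shell string, and then in a hardened form that rejects anything that is not a syntactically valid hostname and passes the value as a discrete argument so no shell ever parses it. The handler names, the diagnostic command and the sample inputs are all assumptions.

```python
import re
import subprocess

# Constructed example: RFC 1123-style hostname, labels of 1-63 alphanumerics or
# hyphens that neither start nor end with a hyphen, joined by dots.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def vulnerable_command(host: str) -> str:
    """'Before' pattern (hypothetical): the request parameter is pasted into a
    shell command line, so any shell metacharacters it contains are honored
    when the string is run with shell=True. Returned, not executed, for
    illustration only."""
    return f"ping -c 1 {host}"


def is_valid_hostname(host: str) -> bool:
    """Allowlist validation: accept only strings that are well-formed hostnames.
    Anything else (separators, substitutions, quotes, whitespace) is rejected
    outright instead of being escaped."""
    return len(host) <= 253 and HOSTNAME_RE.fullmatch(host) is not None


def validated_argv(host: str) -> list:
    """'After' pattern: validate, then build an argument vector. The hostname
    cannot begin with '-' (the regex forbids it), so it cannot be mistaken for
    an option, and with shell=False there is no shell to interpret it."""
    if not is_valid_hostname(host):
        raise ValueError("rejected request parameter: not a valid hostname")
    return ["ping", "-c", "1", host]


def run_diagnostic(host: str) -> subprocess.CompletedProcess:
    """Hardened handler body: execute the validated argv directly, no shell."""
    return subprocess.run(
        validated_argv(host), shell=False, capture_output=True, text=True, timeout=5
    )


if __name__ == "__main__":
    for sample in ("lb-01.example.com", "example.com; ls", "$(id)"):
        print(sample, "->", "accepted" if is_valid_hostname(sample) else "rejected")
```

The design choice worth noting is that the hardened form does not try to escape or strip dangerous characters from free-form input; it defines what a valid value looks like and refuses everything else, which is the approach that holds up when the downstream consumer is a shell or another interpreter.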

LoadMaster is an application delivery controller (ADC) and load balancing solution used by large organizations for optimizing app performance, managing network traffic, and ensuring high service availability.

The MT Hypervisor is a version of LoadMaster designed for multi-tenant environments, allowing multiple virtual network functions to run on the same hardware.

CVE-2024-7591 was found to impact LoadMaster version 7.2.60.0 and all earlier versions, and also the MT Hypervisor version 7.1.35.11 and all prior releases. Long-Term Support (LTS) and Long-Term Support with Feature (LTSF) branches are also impacted.

To fix the flaw, Progress released an add-on package that can be installed on any of the vulnerable versions, including older releases, so there are no target versions to upgrade to in order to address the risk from this vulnerability.

However, the patch does not apply to the free version of LoadMaster, so CVE-2024-7591 remains a problem there.

Progress Software says it has not received any reports of active exploitation of the vulnerability as of the publication of its bulletin.

Nonetheless, all LoadMaster users are recommended to take the appropriate action to secure their environment against this threat, including installing the add-on and also implementing the vendor-recommended security hardening measures.
