CVE-2024-1212
Published: 21 February 2024
Summary
CVE-2024-1212 is a critical-severity OS Command Injection (CWE-78) vulnerability in Progress Kemp LoadMaster, a load balancer / application delivery controller. Its CVSS 3.1 base score is 10.0 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by EPSS exploit likelihood, and CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 18 November 2024, meaning in-the-wild exploitation has been confirmed.
Applying the vendor fix is the remediation; the strongest compensating controls our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-1212 is a critical OS command injection vulnerability (CWE-78) in the LoadMaster management interface. The flaw lets unauthenticated remote attackers execute arbitrary system commands on affected Kemp Technologies (Progress) LoadMaster appliances, which is why it carries the maximum CVSS 3.1 score of 10.0.
An attacker with network reachability to the management interface can exploit the issue without credentials or user interaction, gaining full compromise of confidentiality, integrity, and availability of the underlying system. The attack surface is the administrative web interface, which is exposed by default. Restricting which networks can reach that interface reduces exposure (it should never be reachable from the Internet), but it is not a substitute for patching.
Vendor advisories direct customers to apply the fixes shipped in LoadMaster OS releases 7.2.59.2, 7.2.54.8, and 7.2.48.10 (one per supported release branch), available from the Kemp support portal. The associated EPSS score is about 0.94 and has held at that elevated level since disclosure rather than climbing from a low baseline.
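As an added triage example (not code from this page or from Progress/Kemp), the following Python helper checks a fleet inventory of LoadMaster OS version strings against the three fixed releases named above. The fix versions are the advisory's; the branch rule, that a build must be at or above the lowest fixed release whose 7.2.NN branch is not older than its own, is this example's assumption. That rule also flags end-of-life builds older than 7.2.48 for upgrade to 7.2.48.10 or later, which is the conservative reading. Hostnames and versions in the sample inventory are constructed.

```python
from typing import Dict, Tuple

# Fixed LoadMaster OS releases named in the vendor advisory (one per release branch).
FIXED_RELEASES = ("7.2.48.10", "7.2.54.8", "7.2.59.2")

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse '7.2.54.3' into (7, 2, 54, 3); reject anything non-numeric so a
    garbled inventory field fails loudly instead of silently comparing as patched."""
    parts = text.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def branch(v: Version) -> Version:
    """Release branch is the first three components (7.2.48, 7.2.54, 7.2.59, ...)."""
    return v[:3]


def required_fix(v: Version) -> Version:
    """Lowest fixed release whose branch is not older than v's branch.

    Assumption of this example: a build on an intermediate branch (e.g. 7.2.50.x)
    must move up to the next fixed branch, and a build newer than every fixed
    branch is measured against the newest fix.
    """
    fixes = sorted(parse_version(f) for f in FIXED_RELEASES)
    for f in fixes:
        if branch(f) >= branch(v):
            return f
    return fixes[-1]


def is_vulnerable(text: str) -> bool:
    """True when the running version is below the fix required for its branch."""
    v = parse_version(text)
    return v < required_fix(v)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> 'patched' | 'vulnerable, upgrade to X' | 'unparseable: ...'."""
    result: Dict[str, str] = {}
    for host, ver in inventory.items():
        try:
            v = parse_version(ver)
        except ValueError as e:
            result[host] = f"unparseable: {e}"
            continue
        fix = required_fix(v)
        if v < fix:
            result[host] = "vulnerable, upgrade to " + ".".join(map(str, fix))
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory: hostnames and versions invented for this example.
SAMPLE_INVENTORY = {
    "lm-dmz-01": "7.2.54.3",   # LTS branch, below 7.2.54.8
    "lm-dmz-02": "7.2.54.8",   # exactly the LTS fix
    "lm-lab-01": "7.2.48.10",  # exactly the oldest fix
    "lm-lab-02": "7.2.55.0",   # newer branch than 7.2.54, below 7.2.59.2
    "lm-core-01": "7.2.59.2",  # exactly the newest fix
    "lm-old-01": "7.2.47.0",   # older than every fixed branch
    "lm-bad-01": "7.2.x",      # garbage from a CMDB field
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Feed it the version strings your inventory tool collects from the appliances' management interface or the `lmversion` the vendor exposes in its own tooling; the point is that a plain lexical comparison against 7.2.59.2 would wrongly flag patched 7.2.48.10 and 7.2.54.8 builds, so the check has to be branch-aware.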
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16979
Vulnerability details
Unauthenticated remote attackers can reach the system through the LoadMaster management interface and execute arbitrary system commands.
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, "OS Command Injection")
- KEV Date Added: 18 November 2024
Related Threats
No named threat actor has been attributed yet; ATT&CK technique mapping for this CVE is in progress.
Affected Assets
Progress Kemp LoadMaster appliances (hardware, virtual or cloud images) running a LoadMaster OS version below the fixed release for their branch: 7.2.48.10, 7.2.54.8 or 7.2.59.2.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces authentication and authorization checks on the LoadMaster management interface before any command execution is permitted.
- SI-10 (Information Input Validation): requires validation of all inputs to the management interface so that OS command injection payloads are rejected before they reach a shell.
- IA-2 (Identification and Authentication): mandates identification and authentication of users before granting access to the remotely reachable management interface.
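To make the SI-10 control concrete, here is an added, generic illustration in Python of the vulnerable pattern behind CWE-78 beside its hardened form. It is not LoadMaster code and does not reproduce the actual CVE-2024-1212 injection point, which this page does not describe. The `/bin/echo` stand-in for a real management tool, the hostname allowlist and the payload string are all this example's assumptions, constructed so the demo runs offline on a POSIX system.

```python
import re
import subprocess

# Constructed payload: a valid-looking hostname followed by a shell metacharacter
# and a second command. It is only used to exercise the two code paths below.
INJECTION_PAYLOAD = "lb.example.com; echo INJECTED"

# Allowlist for a hostname-like field: letters, digits, dots and hyphens, with
# alphanumeric first and last characters. Anything else (';', '|', '$(', spaces,
# newlines) is rejected outright rather than escaped.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def run_vulnerable(host: str) -> str:
    """Deliberately unsafe: user input is interpolated into a command line that
    /bin/sh parses, so ';' terminates the intended command and starts another.
    /bin/echo stands in for a real tool so the demo has no network side effects."""
    completed = subprocess.run(
        f"/bin/echo checking {host}", shell=True, capture_output=True, text=True
    )
    return completed.stdout


def run_hardened(host: str) -> str:
    """Safe form of the same call: validate against the allowlist, then pass the
    value as a single argv element with no shell, so it can only ever be an
    argument to the intended program."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected input: {host!r}")
    completed = subprocess.run(
        ["/bin/echo", "checking", host], shell=False, capture_output=True, text=True
    )
    return completed.stdout


def injected(output: str) -> bool:
    """A second output line proves a second command ran."""
    return "INJECTED" in output.splitlines()


def hardened_rejects(host: str) -> bool:
    """Convenience predicate: did the hardened path refuse this input?"""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(INJECTION_PAYLOAD)))
    print("hardened rejects payload:", hardened_rejects(INJECTION_PAYLOAD))
    print("hardened benign:", repr(run_hardened("lb.example.com")))
```

Two design points carry over to any management-plane code: validation is an allowlist of what the field may contain, not a blocklist of known-bad characters, and the value is handed to the program as an argv element so that even an unexpected input cannot change the command being run. Either measure alone blunts the injection; together they also cover fields that legitimately need characters the shell treats specially.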