CVERadar

CVE-2024-1212

Critical Severity
Progress
SVRS: 92/100
CVSSv3: 9.8/10
EPSS: 0.9433/1

CVE-2024-1212 allows unauthenticated remote attackers to execute arbitrary system commands via the LoadMaster management interface. This critical vulnerability, with an SVRS of 92, demands immediate attention. The high SVRS indicates significant real-world risk due to its presence in Social Media, News, Code Repositories, Dark/Deep Web data, and associations with Threat Actors. This unauthenticated access bypasses security measures, potentially granting attackers complete control of the affected system. Given the actively published exploits and its inclusion in the CISA KEV catalog, organizations must prioritize patching to prevent system compromise. The remote code execution vulnerability poses a grave risk to data confidentiality, integrity, and availability. Ignoring this threat could lead to significant financial and reputational damage.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-02-21

2025-01-27
SOCRadar AI Insight

Description:

CVE-2024-1212 is a critical vulnerability that allows unauthenticated remote attackers to access the system through the LoadMaster management interface, enabling arbitrary system command execution. This vulnerability has a CVSS score of 10, indicating its severe impact on confidentiality, integrity, and availability. The SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 56, indicating a moderate risk level. However, it is important to note that the SVRS considers various factors beyond the CVSS, such as social media chatter, news, code repositories, and dark/deep web data, which may indicate a higher risk than the CVSS alone suggests.

Key Insights:

  1. Remote Exploitation: This vulnerability can be exploited remotely, allowing attackers to gain unauthorized access to the system without requiring physical presence or local network access. This makes it particularly dangerous as attackers can target systems from anywhere with an internet connection.

  2. Arbitrary System Command Execution: The successful exploitation of this vulnerability allows attackers to execute arbitrary system commands on the affected system. This gives them complete control over the system, enabling them to install malware, steal sensitive data, or disrupt system operations.

  3. Lack of Authentication: The vulnerability is exploitable without requiring authentication, making it easier for attackers to compromise the system. This lack of authentication significantly increases the risk of exploitation, as attackers do not need to possess valid credentials or bypass authentication mechanisms.

Mitigation Strategies:

  1. Apply Software Updates: Organizations should prioritize applying the latest software updates and patches provided by the vendor as soon as possible. This is the most effective way to mitigate the risk associated with this vulnerability.

  2. Implement Strong Authentication: Organizations should implement strong authentication mechanisms, such as multi-factor authentication (MFA), to prevent unauthorized access to the LoadMaster management interface. This will make it more difficult for attackers to exploit the vulnerability even if they have obtained valid credentials.

  3. Restrict Access to the Management Interface: Organizations should restrict access to the LoadMaster management interface to authorized personnel only. This can be achieved by implementing network segmentation, firewalls, and access control lists (ACLs) to limit access to the interface from unauthorized networks or IP addresses.

  4. Monitor and Detect Suspicious Activity: Organizations should implement security monitoring and detection mechanisms to identify and respond to suspicious activity related to this vulnerability. This includes monitoring network traffic, system logs, and security alerts for any signs of compromise or exploitation attempts.

Additional Information:

  • Threat Actors/APT Groups: There is no information available regarding specific threat actors or APT groups actively exploiting this vulnerability.

  • Exploit Status: There is no information available regarding the existence of active exploits for this vulnerability.

  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

  • In the Wild: There is no information available regarding the active exploitation of this vulnerability in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212 | https://github.com/Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212 | 2024-12-25
Ostorlab/KEV | https://github.com/Ostorlab/KEV | 2022-04-19
Progress Kemp LoadMaster OS Command Injection Vulnerability | https://www.cisa.gov/search?g=CVE-2024-1212 | 2024-11-18
RhinoSecurityLabs/CVEs | https://github.com/RhinoSecurityLabs/CVEs | 2018-12-18
nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08

News

Progress Software fixed multiple high-severity LoadMaster flaws
Pierluigi Paganini, 2025-02-11
Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands. Progress Software has addressed multiple high-severity security vulnerabilities (CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135) in its LoadMaster software. Progress Software's LoadMaster is a high-performance load balancer and application delivery controller (ADC) designed to optimize the availability, security, and performance of […]
securityaffairs.co

Daily Summary - 21.11.2024
CERT.at, 2025-02-01
End-of-Day report Timeframe: Wednesday 20-11-2024 18:00 - Thursday 21-11-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a News Fortinet VPN design flaw hides successful brute-force attacks A design flaw in the Fortinet VPN servers logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. https://www.bleepingcomputer.com
cert.at

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks
Divya, 2024-11-20
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress Kemp LoadMaster, a popular load balancing and application delivery solution. Designated as CVE-2024-1212, the vulnerability allows remote, unauthenticated attackers to execute arbitrary commands on affected systems, posing a severe threat to organizations […]
gbhackers.com

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2024-11-19
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the above vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]
securityaffairs.co

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
The Hacker News, 2024-11-19
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was
feedburner.com

CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
Ajit Jasrotia, 2024-11-19
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was addressed […]
allhackernews.com

CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA, 2024-11-18
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
us-cert.gov

Social Media

CISA warns of active exploitation attempts targeting Progress Software's Kemp LoadMaster CVE-2024-1212. The critical unauthenticated command injection flaw allows full appliance compromise. Patch available since Feb 7—apply ASAP! Exploit details & PoC already public. #Cyber #CVE
🚨 Security Alert: A critical OS command injection vulnerability (CVE-2024-1212) in Kemp LoadMaster is being actively exploited, enabling attackers to execute commands without authorization. Update to the latest patched version immediately to secure your systems. https://t.co/rKyjEXZESN
🚨 Alert: Active exploitation of critical vulnerabilities! 💻 Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812, CVE-2024-38813) under attack. Patch now to protect your systems! ⚠️ #Cybersecurity #VulnerabilityAlert #PatchManagement
🚨 Critical Alert! Actively exploited vulnerabilities in Kemp LoadMaster (CVE-2024-1212) and Palo Alto PAN-OS (CVE-2024-0012 & CVE-2024-9474). Attackers can gain control without authentication. Patch now, restrict access, monitor systems. 🔐 https://t.co/gz8UtgbyDF
🔒 Patch now! Don't miss the top May #CVEs: Qnap QTS CVE-2024-27130, Fortinet FortiSIEM CVE-2024-23108, ManageEngine ADAudit CVE-2024-1212. Details & mitigation in NopSec's blog: https://t.co/p0o38B586n 🔒 #cybersecurity #threatintelligence #vulnerabilitymanagement #ciso
CVE-2024-22026,CVE-2024-2879,CVE-2024-1212 added to #CVER. #Bugbounty #Hackerone #YesWeHack #BugCrowd #CVE #NVD #FIRST #SPLOITUS #EXPLOITDB https://t.co/Gu4i7xqhEV
Our weekly @metasploit wrap-up details "a module targeting CVE-2024-1212, an unauthenticated command injection vulnerability in Kemp Progress Loadmaster versions after 7.2.48.1" https://t.co/EVhGER32kf #infosec #cybersecurity
This week's Metasploit release improves the windows_secrets_dump module by dumping registry contents without writing to disk along with a new RCE module targeting CVE-2024-1212 in LoadMaster https://t.co/bdftyyd5VO
🎯Exploits for CVE-2024-0204 (9.8) & CVE-2024-1212 (10) 🥊Detection for flaws in JWT implementations which lead to auth risks 🕷️Extra info about spidered responses in Website Scanner evidence 🔥Proof of exploitation for Linux OS command injection from the Website Scanner More ⬇️
Important update fixes vulnerability in Progress Kemp LoadMaster https://t.co/ELnvFSzzMh #NCSC-2024-0087 #Kwetsbaarheid Progress Kemp #CVE-2024-1212 #cyberveiligheid #LoadMaster update #Trending #Tech #Nieuws

Affected Software

Configuration 1
Type | Vendor | Product
App | Progress | loadmaster

References

Link
https://freeloadbalancer.com/
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212
https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212

CWE Details

CWE ID | CWE Name | Description
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
